20 matches found
EUVD-2011-3647
Malware in sbrugna...
EUVD-2011-3645
Malware in sbrugna...
EUVD-2011-3646
Malware in sbrugna...
CVE-2011-3686
Multiple cross-site scripting XSS vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the 1 fname, 2 lname, 3 emailedit, 4 email, 5 email2, 6 email3, 7 sms, 8 smsid, or 9 work parameter...
Sonexis ConferenceManager Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Netragard Security Advisory - Sonexis ConferenceManager - 20120201 POSTING NOTICE If you intend to post this advisory on your web page please create a link back to the original Netragard advisory as the contents of the advisory may change. For more...
CVE-2011-3687
Multiple cross-site scripting XSS vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via 1 the txtConferenceID parameter to HostLogin.asp, 2 the txtConferenceID parameter to ParticipantLogin.asp, 3 the acp parameter to ForgotPIN.asp...
CVE-2011-3688
Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via 1 the g parameter to Conference/Audio/AudioResourceContainer.asp or 2 the txtConferenceID parameter to Login/HostLogin.asp...
CVE-2011-3686
Multiple cross-site scripting XSS vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the 1 fname, 2 lname, 3 emailedit, 4 email, 5 email2, 6 email3, 7 sms, 8 smsid, or 9 work parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via 1 the txtConferenceID parameter to HostLogin.asp, 2 the txtConferenceID parameter to ParticipantLogin.asp, 3 the acp parameter to ForgotPIN.asp...
Sql injection
Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via 1 the g parameter to Conference/Audio/AudioResourceContainer.asp or 2 the txtConferenceID parameter to Login/HostLogin.asp...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the 1 fname, 2 lname, 3 emailedit, 4 email, 5 email2, 6 email3, 7 sms, 8 smsid, or 9 work parameter...
CVE-2011-3686
Multiple cross-site scripting XSS vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the 1 fname, 2 lname, 3 emailedit, 4 email, 5 email2, 6 email3, 7 sms, 8 smsid, or 9 work parameter...
CVE-2011-3688
Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via 1 the g parameter to Conference/Audio/AudioResourceContainer.asp or 2 the txtConferenceID parameter to Login/HostLogin.asp...
CVE-2011-3687
CVE-2011-3687 concerns multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0. According to NVD and related records, attackers can inject arbitrary web script or HTML via several input points: txtConferenceID in HostLogin.asp and ParticipantLogin.asp; acp in For...
CVE-2011-3687
Multiple cross-site scripting XSS vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via 1 the txtConferenceID parameter to HostLogin.asp, 2 the txtConferenceID parameter to ParticipantLogin.asp, 3 the acp parameter to ForgotPIN.asp...
CVE-2011-3686
CVE-2011-3686 affects Sonexis ConferenceManager (myAddressBook.asp) in versions 9.2.11.0 and 9.3.14.0. The vulnerability allows multiple XSS vectors via the parameters: fname, lname, email_edit, email, email2, email3, sms, sms_id, and work. NVD lists a CVSS v2 base score of 4.3 (network, medium c...
CVE-2011-3688
CVE-2011-3688 concerns multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 . The flaws allow remote attackers to execute arbitrary SQL commands via user-controlled input in two places: (1) the g parameter to Conference/Audio/AudioResourceContainer.asp and (2) the txtConfe...
Sonexis ConferenceManager SQL Injection
Vulnerability title: Sonexis ConferenceManager SQL Injection Solutionary ID: SERT-VDN-1006 Solutionary disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.html CVE ID: Pending CVSS risk rating: 8 Product: Sonexis ConferenceManager Application Vendor: Sonex...
Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities
Vulnerability title: Sonexis ConferenceManager Multiple Cross-site Scripting XSS Vulnerabilities Solutionary ID: SERT-VDN-1005 Solutionary disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html CVE ID: Pending CVSS risk rating: 3.9 Product: Sonexis...
Sonexis ConferenceManager 9.3.14.0 Blind SQL Injection
NETRAGARD ADVISORY http://www.netragard.com Research Driven Penetration Testing POSTING NOTICE -------------------------------------------------------------------------- If you intend to post this advisory on your web page please create a clickable link back to the original Netragard advisory as...