EUVD-2008-6830

Malware in sbrugna...

Information disclosure

Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to 1 config.asp and 2 users.asp...

CVE-2008-6258

SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the 1 UserID and 2 Pwd parameters. NOTE: this might be related to CVE-2004-2108...

CVE-2008-2759

Multiple cross-site scripting XSS vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 showfields, 2 text, and 3 submissions parameters to search.asp and the 4 name parameter to users.asp. NOTE: some of these details are...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 showfields, 2 text, and 3 submissions parameters to search.asp and the 4 name parameter to users.asp. NOTE: some of these details are...

CVE-2008-2759

Multiple cross-site scripting XSS vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 showfields, 2 text, and 3 submissions parameters to search.asp and the 4 name parameter to users.asp. NOTE: some of these details are...

CVE-2008-2756

CVE-2008-2756 is an XSS vulnerability in the admin/users.asp page of Xigla Absolute Control Panel XE 1.0. The issue allows remote attackers to inject arbitrary web script or HTML via the name parameter (and other unspecified parameters). The available connected documents confirm the affected prod...