4 matches found
Design/Logic Flaw
EXCELLENT INFOTEK BiYan v1.57–v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGIN_ID element to the auth/main/asp/check_user_login_info.aspx URI, and then reading the response, as demonstrated by the KW_EMAIL or KW_TEL field...
CVE-2019-11233
CVE-2019-11233 affects EXCELLENT INFOTEK BiYan v1.57–v2.8. A design flaw allows an unauthenticated attacker to leak user information by sending a LOGIN_ID element to the endpoint auth/main/asp/check_user_login_info.aspx and reading the response, with leakage demonstrated via KW_EMAIL or KW_TEL fiel...
CVE-2019-11232
Summary of CVE-2019-11232: The affected product is EXCELLENT INFOTEK BiYan versions 1.57 through 2.8. A vulnerability allows an unauthenticated attacker to disclose a password by sending an EMP_NO element to the kws_login/asp/query_user.asp URI and reading the PWD element. This results in informatio...
actSite 1.56 - news.php Local File Inclusion
actSite v1.56 news.php Local File Inclusion, coded by DNX. Discovered: DNX. Vendor: http://www.actsite.de. Detected: 02.09.2007. Reported...