Lucene search
+L

130 matches found

Prion
Prion
added 2007/11/20 2:46 a.m.19 views

Sql injection

SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter...

7.5CVSS9.1AI score0.01024EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2007/11/20 2:46 a.m.19 views

CVE-2007-6032

SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter...

7.5CVSS8.3AI score0.01024EPSS
Exploits1References5
CVE
CVE
added 2007/11/20 2:0 a.m.43 views

CVE-2007-6032

CVE-2007-6032 describes an SQL injection vulnerability in calendar/page.asp of Aleris Web Publishing Server 3.0, exploitable via the mode parameter. The issue enables remote attackers to construct and execute arbitrary SQL commands, impacting confidentiality, integrity, and availability to partia...

7.5CVSS8.4AI score0.01024EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2007/11/20 2:0 a.m.25 views

CVE-2007-6032

SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter...

8.3AI score0.01024EPSS
Exploits1References5
seebug.org
seebug.org
added 2007/10/28 12:0 a.m.15 views

Aleris Web Publishing Server Page.ASP SQL注入漏洞

Aleris Web Publishing Server是一款基于ASP的WEB应用程序。 Aleris Web Publishing Server不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL攻击,获得敏感信息或操作数据库。 问题是由于'Page.ASP'脚本对用户提交的'mode'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,攻击者可以获得敏感信息或操作数据库。 Aleris Web Publishing Server 3.0 目前没有详细解决方案提供: http://www.alerisdata.com/articles/home.asp...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/10/25 12:0 a.m.12 views

Aleris Web Publishing Server 3.0 - Page.asp SQL Injection

Aleris Web Publishing Server 3.0 - Page.asp SQL Injection source: https://www.securityfocus.com/bid/26207/info Aleris Web Publishing Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issu...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2007/10/25 12:0 a.m.33 views

Aleris Web Publishing Server 3.0 - 'Page.asp' SQL Injection

source: https://www.securityfocus.com/bid/26207/info Aleris Web Publishing Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...

7AI score
Exploits0
Fedora
Fedora
added 2007/09/12 4:44 p.m.12 views

[SECURITY] Fedora 7 Update: wordpress-2.2.3-0.fc7

Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web...

2.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2006/11/13 12:0 a.m.1 views

Update Protection against W-Agora 'inc_dir' Parameter Remote File Inclusion Vulnerabilities

W-Agora is an open source web publishing and forum software. It allows web administrators and their visitors to store and display messages, files, share discussions and other information on the web site. W-Agora is prone to multiple remote file inclusion vulnerabilities. An attacker can exploit...

3.8AI score
Exploits0
CVE
CVE
added 2006/10/20 1:0 a.m.47 views

CVE-2006-5411

The CVE-2006-5411 entry concerns an unrestricted file upload in Free Web Publishing System (FreeWPS) via upload.php, potentially affecting version 2.11 and earlier. Remote attackers could upload and execute arbitrary PHP programs. The vulnerability enables partial confidentiality, integrity, and ...

7.5CVSS7.9AI score0.0257EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2006/10/20 1:0 a.m.27 views

CVE-2006-5411

Unrestricted file upload vulnerability in upload.php for Free Web Publishing System FreeWPS, possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs...

7.6AI score0.0257EPSS
Exploits1References5
CVE
CVE
added 2006/03/23 11:0 a.m.46 views

CVE-2006-1363

The CVE-2006-1363 issue affects Free Web Publishing System (FreeWPS) 2.11 (Justin White/YTZ). A remote attacker can upload a PHP file to the /upload directory via the dirPath parameter and then access that file to execute arbitrary PHP code, enabling remote code execution. Impact is partial confi...

7.5CVSS7.5AI score0.02793EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2006/03/23 11:0 a.m.29 views

CVE-2006-1363

images.php in Justin White aka YTZ Free Web Publishing System FreeWPS 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file...

7.5AI score0.02793EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2006/03/09 12:0 a.m.22 views

loudCMS.txt

"Loudblog is a sleek and easy-to-use Content Management System CMS for publishing media content on the web." SQL Injection in podcast.php magicquotes=off: http://target/loudblog/podcast.php?id=1' and '1'='0' union select...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/01/30 12:0 a.m.34 views

EasyCMS vulnerable to XSS injection.

The Norwegian web-publishing system EasyCMS www.easycms.no contains multiple input flaws letting users conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable to XSS. It does not filter script tags and simple scripting like...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2005/11/28 12:0 a.m.38 views

Nephp Publisher v4.5.x SQL inj. vuln.

Nephp Publisher v4.5.x SQL inj. vuln. Vuln. dicovered by : r0t Date: 28 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/nephp-publisher-v45x-sql-inj-vuln.html Vendor:www.nelogic.com/cms/07-11-2005/19-nephp-publisher.html affected version:v4.5.2 and prior Product Description: a...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2005/10/18 12:0 a.m.32 views

wagora420_xpl.txt

W-agora 4.2.0 Remote code execution / cross site scripting poc exploit software: site: http://w-agora.net/en/index.php description: "W-Agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share discussions and other information on you...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2001/06/15 12:0 a.m.18 views

Netscape Enterprise Web Publishing INDEX Command Arbitrary Directory Listing

The remote web server gives a file listing when it is issued the command : INDEX / HTTP/1.1 An attacker may use this flaw to discover the internal structure of your website, or to discover supposedly hidden files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5CVSS5.6AI score0.03415EPSS
Exploits1References2
securityvulns
securityvulns
added 2001/04/17 12:0 a.m.25 views

[SX-20010320-2] - Microsoft ISA Server Denial of Service

FSC Internet Corp. / SecureXpert Labs Advisory SX-20010320-2 Denial of Service in Microsoft ISA server v1.0 Summary Microsoft ISA Server 1.0 on Windows 2000 Server SP1 is vulnerable to a simple network-based attack which stops all incoming and outgoing web traffic from passing through the firewal...

7.7AI score
Exploits0
CVE
CVE
added 2001/04/04 4:0 a.m.57 views

CVE-2001-0250

CVE-2001-0250 : The vulnerability affects the Web Publishing feature of Netscape Enterprise Server (version 4.x and earlier). A remote attacker can trigger an arbitrary directory listing by sending the INDEX command to the web server, exposing internal site structure. Impact is information disclo...

5CVSS6.9AI score0.03415EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder