130 matches found
Sql injection
SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter...
CVE-2007-6032
SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter...
CVE-2007-6032
CVE-2007-6032 describes an SQL injection vulnerability in calendar/page.asp of Aleris Web Publishing Server 3.0, exploitable via the mode parameter. The issue enables remote attackers to construct and execute arbitrary SQL commands, impacting confidentiality, integrity, and availability to partia...
CVE-2007-6032
SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter...
Aleris Web Publishing Server Page.ASP SQL注入漏洞
Aleris Web Publishing Server是一款基于ASP的WEB应用程序。 Aleris Web Publishing Server不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL攻击,获得敏感信息或操作数据库。 问题是由于'Page.ASP'脚本对用户提交的'mode'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,攻击者可以获得敏感信息或操作数据库。 Aleris Web Publishing Server 3.0 目前没有详细解决方案提供: http://www.alerisdata.com/articles/home.asp...
Aleris Web Publishing Server 3.0 - Page.asp SQL Injection
Aleris Web Publishing Server 3.0 - Page.asp SQL Injection source: https://www.securityfocus.com/bid/26207/info Aleris Web Publishing Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issu...
Aleris Web Publishing Server 3.0 - 'Page.asp' SQL Injection
source: https://www.securityfocus.com/bid/26207/info Aleris Web Publishing Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
[SECURITY] Fedora 7 Update: wordpress-2.2.3-0.fc7
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web...
Update Protection against W-Agora 'inc_dir' Parameter Remote File Inclusion Vulnerabilities
W-Agora is an open source web publishing and forum software. It allows web administrators and their visitors to store and display messages, files, share discussions and other information on the web site. W-Agora is prone to multiple remote file inclusion vulnerabilities. An attacker can exploit...
CVE-2006-5411
The CVE-2006-5411 entry concerns an unrestricted file upload in Free Web Publishing System (FreeWPS) via upload.php, potentially affecting version 2.11 and earlier. Remote attackers could upload and execute arbitrary PHP programs. The vulnerability enables partial confidentiality, integrity, and ...
CVE-2006-5411
Unrestricted file upload vulnerability in upload.php for Free Web Publishing System FreeWPS, possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs...
CVE-2006-1363
The CVE-2006-1363 issue affects Free Web Publishing System (FreeWPS) 2.11 (Justin White/YTZ). A remote attacker can upload a PHP file to the /upload directory via the dirPath parameter and then access that file to execute arbitrary PHP code, enabling remote code execution. Impact is partial confi...
CVE-2006-1363
images.php in Justin White aka YTZ Free Web Publishing System FreeWPS 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file...
loudCMS.txt
"Loudblog is a sleek and easy-to-use Content Management System CMS for publishing media content on the web." SQL Injection in podcast.php magicquotes=off: http://target/loudblog/podcast.php?id=1' and '1'='0' union select...
EasyCMS vulnerable to XSS injection.
The Norwegian web-publishing system EasyCMS www.easycms.no contains multiple input flaws letting users conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable to XSS. It does not filter script tags and simple scripting like...
Nephp Publisher v4.5.x SQL inj. vuln.
Nephp Publisher v4.5.x SQL inj. vuln. Vuln. dicovered by : r0t Date: 28 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/nephp-publisher-v45x-sql-inj-vuln.html Vendor:www.nelogic.com/cms/07-11-2005/19-nephp-publisher.html affected version:v4.5.2 and prior Product Description: a...
wagora420_xpl.txt
W-agora 4.2.0 Remote code execution / cross site scripting poc exploit software: site: http://w-agora.net/en/index.php description: "W-Agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share discussions and other information on you...
Netscape Enterprise Web Publishing INDEX Command Arbitrary Directory Listing
The remote web server gives a file listing when it is issued the command : INDEX / HTTP/1.1 An attacker may use this flaw to discover the internal structure of your website, or to discover supposedly hidden files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
[SX-20010320-2] - Microsoft ISA Server Denial of Service
FSC Internet Corp. / SecureXpert Labs Advisory SX-20010320-2 Denial of Service in Microsoft ISA server v1.0 Summary Microsoft ISA Server 1.0 on Windows 2000 Server SP1 is vulnerable to a simple network-based attack which stops all incoming and outgoing web traffic from passing through the firewal...
CVE-2001-0250
CVE-2001-0250 : The vulnerability affects the Web Publishing feature of Netscape Enterprise Server (version 4.x and earlier). A remote attacker can trigger an arbitrary directory listing by sending the INDEX command to the web server, exposing internal site structure. Impact is information disclo...