5 matches found
CVE-2012-3821
CVE-2012-3821 affects Arial Software Campaign Enterprise prior to or up to version 11.0.551, with a Security Bypass in the activate.asp page that could allow a remote attacker to modify the SerialNumber field. The trusted impact stated in sources is that this bypass enables unauthorized modificat...
CVE-2012-3822
CVE-2012-3822 affects Arial Campaign Enterprise before v11.0.551. The vulnerability is an unauthorized access issue on the User-Edit.asp page that enables remote attackers to enumerate users’ credentials, i.e., information disclosure of credentials. The root cause is access to a user-edit interfa...
CVE-2012-3824
CVE-2012-3824 affects Arial Campaign Enterprise prior to version 11.0.551, where multiple pages are accessible without authentication or authorization. The vulnerability is caused by insufficient access controls on web pages, enabling unauthorized viewing of pages. A vendor patch addressing this ...
CVE-2012-3823
CVE-2012-3823 affects Arial Campaign Enterprise prior to version 11.0.551. The vulnerability is that passwords are stored in clear text and may be retrieved, leading to potential exposure of user credentials. Impact is confidentiality-related (credentials exposure) with no evidence of integrity/a...
CVE-2012-3820
CVE-2012-3820 affects Arial Software Campaign Enterprise prior to 11.0.551. The vulnerability is multiple SQL injections in Campaign11.exe allowing an attacker to inject SQL via (1) SerialNumber to activate.asp or (2) UID to User-Edit.asp. Connections across sources confirm remote exploitation an...