4 matches found
CVE-2006-6095
ActiveNews Manager is affected by CVE-2006-6095 via multiple SQL injection vulnerabilities. The issues allow remote attackers to execute arbitrary SQL commands through (1) the articleID parameter to activenews_view.asp or (2) the page parameter to default.asp; the CVE also notes that the vectors ...
CVE-2006-6094
CVE-2006-6094 refers to multiple SQL injection vulnerabilities in ActiveNews Manager, exposed via (1) catID in activeNews_categories.asp, (2) articleID in activeNews_comments.asp, and (3) query in activenews_search.asp. Connected records corroborate that these are remote SQL injection flaws allow...
CVE-2005-1780
CVE-2005-1780 is a SQL injection flaw in Active News Manager, specifically in admin/login.asp, where the password field can be manipulated to execute arbitrary SQL commands. The vulnerability allows remote attackers to compromise data confidentiality and integrity. Documents indicate affected sof...
CVE-2006-6096
CVE-2006-6096 : In the ActiveNews Manager web app, the parameter in activenews_search.asp is vulnerable to cross-site scripting (XSS) , allowing remote attackers to inject arbitrary script/HTML. Affected component: ActiveNews Manager (web interface). Impact per the entry: possible exploitation of...