3 matches found
CVE-2005-1835
CVE-2005-1835 affects NEXTWEB (i)Site, where databases are stored under the web document root with insufficient access control. This allows remote attackers to obtain sensitive information by directly requesting databases/Users.mdb. Public sources in the connected documents confirm the issue but ...
CVE-2005-1836
CVE-2005-1836 affects NEXTWEB (i)Site. The vulnerability allows remote attackers to cause a denial of service (HTTP 500) by sending a crafted request, potentially involving wildcard requests for .jsp files. The description, sources, and CVE listings confirm the impact is a partial availability de...
CVE-2005-1834
The CVE-2005-1834 entry describes a SQL injection vulnerability in NEXTWEB (i)Site, specifically in login.asp. The underlying issue is unsanitized input in the password field, enabling remote attackers to execute arbitrary SQL commands and bypass authentication. The available connected documents ...