Zero Day Initiative Advisory 10-220 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminScheduleReport.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'email' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.
510fb503338ecbfca13adb7cacbe14f877aeedd8c76b5d0dae0ef34e9387165dSecunia Security Advisory - A vulnerability has been reported in Mono ASP.NET, which can be exploited by malicious people to disclose sensitive information.
3315e4753eccd8c0b90277870d248f45f7aa42451cfb5bb60ce67bd522673179MS10-070 ASP.NET auto-decryptor file download proof of concept exploit.
583ab327079e0f73d7b6ed0c839ab545a54adb9b2e531b103d46a58fa7667610xWeblog version 2.2 remote SQL injection exploit that leverages arsiv.asp.
2beb8637b0aa0f7f69b2ae512185d2c8383071f4524d3e6accbb57361fc1a1d1Microsoft IIS 6 suffers from an ASP denial of service stack overflow vulnerability.
968ad700fa412b03b08cda7cfb16f28e1648859ba12d1924d7d64d6a0139aeb6Gokhun ASP Stok version 1.0 suffers from cross site scripting, database disclosure and remote SQL injection vulnerabilities.
0b014afa3ef07cc31255993d7a1d5155b464647b8e0481250366eda1b4edb3ebSecunia Security Advisory - Some vulnerabilities have been reported in Gokhun Asp Stok Sistemi, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
e74c685cea79877d4e233a1ef08f56361d86403872d44b23f4535444eb5b29f7Month Of Abysssec Undisclosed Bugs - ASP Nuke version 0.80 suffers from a remote SQL injection vulnerability.
3019201267ca9f3334f0cf34818c849f5aae0278a3fcd5cc23bca3b04cf99060Month Of Abysssec Undisclosed Bugs - ASP Nuke version 0.80 suffers from a remote SQL injection vulnerability.
9f158f41d7b0304ed2f70c4f53a52c54e7cde9eedaca0ae635a94e0ee1e05cdaRapid7 Security Advisory - FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector in FCKEditor. The vulnerability requires that the remote server be running IIS. This vulnerability has been confirmed on FCKEditor 2.5.1 and 2.6.6.
d7ff7819bc5c1b9397d022f19065769fe00e58d1169b50c1ef3b83d03e7b2950Video Script ASP suffers from a database disclosure vulnerability.
ba820fe2c4c454957f07e2bcdbd7544f831a5c670d411bfebcc5d36b003f846fBaby ASP Web Server version 2.7.2 suffers from a denial of service vulnerability.
24d3e9eeaa6d231eb86ec5138e6bb2fe2ea64371cecb0ed98d3b12d42ca9e02aASP Resources Forum suffers from a database disclosure vulnerability.
cfa1555f06212d3054dbc2262cf32775aa9cd2d7c0bf152083f2f3b44e613aafSmart ASP Survey suffers from cross site scripting and remote SQL injection vulnerabilities.
70074dd4065055e6ece8c8749ace5d9443c1d29d8e907d57cd5c1ac17941d544Real-Time ASP Calendar suffers from a remote SQL injection vulnerability.
2307938d90b521d63a73579f591141bea78df0a4cf5805defa6a361cd4d69b34Secunia Security Advisory - MustLive has reported a vulnerability in Flash Tag Cloud control for ASP.NET, which can be exploited by malicious people to conduct cross-site scripting attacks.
6f84d5c0381521c450807c4d0bf7f1d3e1347305f9ab8caa487ff0c16544e18dFlash Tag Cloud for Blogsa and other ASP.NET engines suffers from cross site scripting and html injection vulnerabilities.
b2d0ff0da1d8dcb4d4af860905723bdfc28504ace1f75938c0141fe1e3da26bbe-Webtech suffers from a remote SQL injection vulnerability in fixed_page.asp.
6737161257fb3f8bba6ff30d17a314b9fa0479294faabe4f0447c25bca29f891ASP Comersus7F Shopping Cart suffers from a database disclosure vulnerability.
f329299b7a543108afdc126da75e2e2c935be8430bbc13c85c1d95f1b3a1fc94Secunia Security Advisory - Multiple vulnerabilities have been reported in Pre Classified Listings ASP, which can be exploited by malicious people to conduct script insertion and SQL injection attacks.
189511825db34116df56d4a6263a846fbf047efb5ae178e06ea4428176359c61This Metasploit module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script using a WebDAV PUT request.
4ec5b093ab1cb3f7824fc0789935b123c05d0f352410b2d130c1546774dfb524SpiderLabs has documented view state tampering vulnerabilities in three products from separate vendors. Microsoft ASP.Net version 3.5, Apache MyFaces versions 1.2.8 and 1.2.7, and Sun Microsystems Mojarra versions 1.2_14 and 2.0.2 are all vulnerable.
274d820d5053b91c5b4019151e6accd446cb31435dfa6ae866e1d89dceee5e44Secunia Security Advisory - Some vulnerabilities have been reported in VP-ASP Shopping Cart which can be exploited by malicious users to conduct SQL injection attacks and disclose sensitive information.
373c0b9c4d7cae884127f2a8e04eaad6f27bea22bac2cd60a62c5ce4cec5b0ecVP-ASP suffers from cross site scripting and remote SQL injection vulnerabilities.
03144e9c7692da406834dc7e125ff0f52a6114f18f5370f2ff5026b33c71728dASP A.ShopKart version 2.0 suffers from a database disclosure vulnerability.
b0eba3fcfb062f1718d6ecbd1301545732dae1281dbfe979242377eee1dbf62e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed