Vulnerabilities for 'Rankem'

2009-01-22
 
CVE-2009-0249

CWE-264
 

 
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.

 
 
CVE-2009-0248

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.

 
2008-12-16
 
CVE-2008-5589

 

 
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.

 
 
CVE-2008-5588

CWE-89
 

 
SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter.

 

Vendor: Katywhitton (2 products)
Rankem
Blogit!


Copyright 2024, cxsecurity.com

 
