RSS   Vulnerabilities for 'Registration manager'   RSS

2009-06-27
 
CVE-2009-2238

CWE-Other
 

 
Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager.

 
2009-05-29
 
CVE-2009-1821

CWE-264
 

 
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb.

 

 >>> Vendor: Dmxready 10 Products
Dmxready site chassis manager
Dmxready secure login manager
Site engine manager
Blog manager
Classified listings manager
Member directory manager
Secure document library
Online notebook manager
Registration manager
Polling booth manager


Copyright 2024, cxsecurity.com

 

Back to Top