RSS   Vulnerabilities for 'Password protect'   RSS

2004-08-31
 
CVE-2004-1648

 

 
Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter.

 
2004-08-30
 
CVE-2004-1647

 

 
SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.

 


Copyright 2024, cxsecurity.com

 

Back to Top