RSS   Vulnerabilities for 'Absolute news manager.net'   RSS

2009-07-14
 
CVE-2008-6856

CWE-287
 

 
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

 
2007-12-07
 
CVE-2007-6271

CWE-DesignError
 

 
Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message.

 
 
CVE-2007-6270

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.

 
 
CVE-2007-6269

CWE-89
 

 
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.

 
 
CVE-2007-6268

CWE-22
 

 
Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

 

 >>> Vendor: Xigla 16 Products
Absolute image gallery xe
Absolute live support xe
Absolute faq manager .net
Absolute poll manager xe
Absolute news manager.net
Absolute banner manager.net
Absolute control panel xe
Absolute news manager xe
Absolute form processor xe
Absolute banner manager
Absolute news feed
Absolute podcast.net
Absolute newsletter
Absolute content rotator
Absolute form processor.net
Absolute live support .net


Copyright 2017, cxsecurity.com