Vulnerabilities for Nextweb (i)site (...) - CXSECURITY.COM

Vulnerabilities for 'Nextweb (i)site'

2005-06-01

CVE-2005-1836

NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files.

CVE-2005-1835

NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.mdb.

CVE-2005-1834

SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.

Copyright 2024, cxsecurity.com