RSS   Podatności dla 'Nextweb (i)site'   RSS



NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files.



NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.mdb.



SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.


Copyright 2021,


Back to Top