Search Results | AttackerKB

Show filters

Topics 37 Users 9,714

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

37 Total Results

Displaying 11-20 of 37

Attacker Value

Unknown

CVE-2008-6855

Disclosure Date: July 14, 2009 (last updated October 04, 2023)

Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.

0

Attacker Value

Unknown

CVE-2009-1504

Disclosure Date: May 01, 2009 (last updated October 04, 2023)

Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."

0

Attacker Value

Unknown

CVE-2008-4569

Disclosure Date: October 15, 2008 (last updated October 04, 2023)

SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter.

0

Attacker Value

Unknown

CVE-2008-2762

Disclosure Date: June 18, 2008 (last updated October 04, 2023)

SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.

0

Attacker Value

Unknown

CVE-2008-2768

Disclosure Date: June 18, 2008 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields").

0

Attacker Value

Unknown

CVE-2008-2759

Disclosure Date: June 18, 2008 (last updated October 04, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp. NOTE: some of these details are obtained from third party information.

0

Attacker Value

Unknown

CVE-2008-2766

Disclosure Date: June 18, 2008 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp.

0

Attacker Value

Unknown

CVE-2008-2765

Disclosure Date: June 18, 2008 (last updated October 04, 2023)

SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.

0

Attacker Value

Unknown

CVE-2008-2763

Disclosure Date: June 18, 2008 (last updated October 04, 2023)

SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.

0

Attacker Value

Unknown

CVE-2008-2764

Disclosure Date: June 18, 2008 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").

0