Dmxready : Security Vulnerabilities, CVEs,
SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action.
Max CVSS
7.5
EPSS Score
0.20%
Published
2011-10-08
Updated
2017-08-29
SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2010-06-21
Updated
2010-06-21
Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager.
Max CVSS
6.8
EPSS Score
2.95%
Published
2009-06-27
Updated
2018-10-10
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb.
Max CVSS
5.0
EPSS Score
0.49%
Published
2009-05-29
Updated
2017-09-29
Multiple SQL injection vulnerabilities in DMXReady Online Notebook Manager 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. NOTE: some third parties report inability to verify this issue.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-02-10
Updated
2017-09-29
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Secure Document Library 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Max CVSS
7.5
EPSS Score
0.15%
Published
2009-02-05
Updated
2017-10-19
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Max CVSS
7.5
EPSS Score
0.15%
Published
2009-02-05
Updated
2017-10-19
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-02-05
Updated
2017-10-19
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-01-29
Updated
2018-10-11
Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action.
Max CVSS
4.3
EPSS Score
0.22%
Published
2009-01-29
Updated
2018-10-11
SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2007-03-06
Updated
2018-10-16
Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo.
Max CVSS
7.5
EPSS Score
0.59%
Published
2006-12-29
Updated
2018-10-17
Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel.
Max CVSS
6.0
EPSS Score
0.26%
Published
2006-12-29
Updated
2018-10-17
SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Max CVSS
7.5
EPSS Score
0.18%
Published
2004-12-31
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Max CVSS
4.3
EPSS Score
0.15%
Published
2004-12-31
Updated
2008-09-10
15 vulnerabilities found