CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Xigla : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-1504 287 1 Bypass 2009-05-01 2009-05-02
7.5
None Remote Low Not required Partial Partial Partial
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."
2 CVE-2008-6864 287 1 Bypass 2009-07-14 2009-07-14
7.5
User Remote Low Not required Partial Partial Partial
Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
3 CVE-2008-6863 287 1 Bypass 2009-07-14 2009-07-20
7.5
None Remote Low Not required Partial Partial Partial
Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
4 CVE-2008-6862 287 1 Bypass 2009-07-14 2009-07-20
7.5
None Remote Low Not required Partial Partial Partial
Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
5 CVE-2008-6861 287 1 Bypass 2009-07-14 2009-07-14
7.5
User Remote Low Not required Partial Partial Partial
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
6 CVE-2008-6860 287 1 Bypass 2009-07-14 2009-07-14
7.5
User Remote Low Not required Partial Partial Partial
Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
7 CVE-2008-6859 287 1 Bypass 2009-07-14 2009-07-20
7.5
None Remote Low Not required Partial Partial Partial
Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
8 CVE-2008-6858 287 1 Bypass 2009-07-14 2009-07-20
7.5
None Remote Low Not required Partial Partial Partial
Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
9 CVE-2008-6857 287 1 Bypass 2009-07-14 2009-07-20
7.5
None Remote Low Not required Partial Partial Partial
Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
10 CVE-2008-6856 287 1 Bypass 2009-07-14 2009-07-14
7.5
User Remote Low Not required Partial Partial Partial
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
11 CVE-2008-6855 287 1 Bypass 2009-07-14 2009-07-20
7.5
None Remote Low Not required Partial Partial Partial
Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.
12 CVE-2008-6854 287 1 Bypass 2009-07-14 2009-07-14
7.5
User Remote Low Not required Partial Partial Partial
Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
13 CVE-2008-4569 89 1 Exec Code Sql 2008-10-15 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter.
14 CVE-2008-2768 79 XSS 2008-06-18 2009-08-11
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields").
15 CVE-2008-2767 89 Exec Code Sql 2008-06-18 2009-04-14
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter.
16 CVE-2008-2766 79 XSS 2008-06-18 2009-04-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp.
17 CVE-2008-2765 89 Exec Code Sql 2008-06-18 2009-04-14
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.
18 CVE-2008-2764 79 XSS 2008-06-18 2009-08-11
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").
19 CVE-2008-2763 89 Exec Code Sql 2008-06-18 2009-04-14
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
20 CVE-2008-2762 89 Exec Code Sql 2008-06-18 2009-04-14
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators s to execute arbitrary SQL commands via the orderby parameter.
21 CVE-2008-2761 79 XSS 2008-06-18 2009-04-14
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields. NOTE: some of these details are obtained from third party information.
22 CVE-2008-2760 89 Exec Code Sql 2008-06-18 2009-04-14
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
23 CVE-2008-2759 79 XSS 2008-06-18 2009-04-14
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp. NOTE: some of these details are obtained from third party information.
24 CVE-2008-2758 79 XSS 2008-06-18 2009-04-25
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. NOTE: some of these details are obtained from third party information.
25 CVE-2008-2757 89 Exec Code Sql 2008-06-18 2009-04-23
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in search.asp in Xigla Absolute News Manager XE 3.2 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
26 CVE-2008-2756 79 XSS 2008-06-18 2009-04-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third party information.
27 CVE-2007-6291 89 Exec Code Sql 2007-12-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter.
28 CVE-2007-6271 20 +Info 2007-12-07 2008-11-15
5.0
None Remote Low Not required Partial None None
Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message.
29 CVE-2007-6270 79 XSS 2007-12-07 2008-11-15
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
30 CVE-2007-6269 89 Exec Code Sql 2007-12-07 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.
31 CVE-2007-6268 22 Dir. Trav. 2007-12-07 2008-11-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
32 CVE-2007-4630 XSS 2007-08-30 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
33 CVE-2007-1469 89 Exec Code Sql 2007-03-16 2009-02-12
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.
34 CVE-2006-1416 XSS 2006-03-28 2008-11-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter.
35 CVE-2006-1411 XSS 2006-03-28 2008-11-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the shownew parameter in gallery.asp and (2) unspecified search module parameters.
36 CVE-2006-1410 XSS 2006-03-28 2008-11-03
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute Live Support XE 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Screen name or (2) Session Topic field.
37 CVE-2005-4295 XSS 2005-12-16 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Total number of vulnerabilities : 37   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.