Nextweb Nextweb (i)site : Security vulnerabilities, CVEs

Copy

CVE-2005-1834

SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.

Max CVSS

7.5

EPSS Score

0.35%

Published

2005-06-01

Updated

2016-10-18

CVE-2005-1835

NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.mdb.

Max CVSS

5.0

EPSS Score

0.46%

Published

2005-06-01

Updated

2024-01-25

CVE-2005-1836

NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files.

Max CVSS

5.0

EPSS Score

0.16%

Published

2005-06-01

Updated

2016-10-18

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!