Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2005-3208
Last Modified 10 Sep 2008 03:45:56
Published 14 Oct 2005 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3208

Summary

Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.

Vulnerable Systems

Application

  • Aenovo

  • Aenovoshop

  • Aenovowysi


References

XF - aenovo-xss(22553)

XF - aenovo-strsql-sql-injection(22551)

XF - aenovo-password-sql-injection(22547)

BID - 15038

BID - 15036

MISC - http://www.kapda.ir/advisory-78.html

SECUNIA - 17117

BUGTRAQ - 20051007 Aenovo Multiple Vulnerabilities

OSVDB - 19937

OSVDB - 19936


Last Updated: 27 May 2016 10:40:50