CVE-2004-2059 - Multiple vulnerabilities in XLineSoft ASPRunner
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Exploit-Db
description | XLineSoft ASPRunner 1.0/2.x [TABLE]_list.asp SearchFor Parameter XSS. CVE-2004-2059. Webapps exploit for asp platform |
id | EDB-ID:24315 |
last seen | 2016-02-02 |
modified | 2004-07-26 |
published | 2004-07-26 |
reporter | Ferruh Mavituna |
source | https://www.exploit-db.com/download/24315/ |
title | XLineSoft ASPRunner 1.0/2.x - TABLE_list.asp SearchFor Parameter XSS |

description | XLineSoft ASPRunner 1.0/2.x export.asp SQL Parameter XSS. CVE-2004-2059. Webapps exploit for asp platform |
id | EDB-ID:24316 |
last seen | 2016-02-02 |
modified | 2004-07-26 |
published | 2004-07-26 |
reporter | Ferruh Mavituna |
source | https://www.exploit-db.com/download/24316/ |
title | XLineSoft ASPRunner 1.0/2.x export.asp SQL Parameter XSS |

description | XLineSoft ASPRunner 1.0/2.x [TABLE-NAME]_edit.asp SQL Parameter XSS. CVE-2004-2059. Webapps exploit for asp platform |
id | EDB-ID:24314 |
last seen | 2016-02-02 |
modified | 2004-07-26 |
published | 2004-07-26 |
reporter | Ferruh Mavituna |
source | https://www.exploit-db.com/download/24314/ |
title | XLineSoft ASPRunner 1.0/2.x - TABLE-NAME_edit.asp SQL Parameter XSS |

description | XLineSoft ASPRunner 1.0/2.x [TABLE-NAME]_search.asp Typeen Parameter XSS. CVE-2004-2059. Webapps exploit for asp platform |
id | EDB-ID:24313 |
last seen | 2016-02-02 |
modified | 2004-07-26 |
published | 2004-07-26 |
reporter | Ferruh Mavituna |
source | https://www.exploit-db.com/download/24313/ |
title | XLineSoft ASPRunner 1.0/2.x - TABLE-NAME_search.asp Typeen Parameter XSS |
Nessus
NASL family | CGI abuses |
NASL id | ASPRUNNER_MULT.NASL |
description | The remote host is running ASPrunner prior to version 2.5. There are multiple flaws in this version of ASPrunner which would enable a remote attacker to read and/or modify potentially confidential data. An attacker, exploiting this flaw, would need access to the web server via the network. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14233 |
published | 2004-08-09 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14233 |
title | ASPrunner 2.4 Multiple Vulnerabilities |
References
- http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.html
- http://ferruh.mavituna.com/article/?574
- http://marc.info/?l=bugtraq&m=109086977330418&w=2
- http://secunia.com/advisories/12164
- http://securitytracker.com/id?1010777
- http://www.osvdb.org/8254
- http://www.osvdb.org/8255
- http://www.osvdb.org/8256
- http://www.osvdb.org/8257
- http://www.securityfocus.com/bid/10799
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16801