Vulnerabilities > Dmxready > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-06-27 | CVE-2009-2238 | Unspecified vulnerability in Dmxready Registration Manager 1.1 Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager. network dmxready | 6.8 |
| 2009-05-29 | CVE-2009-1821 | Permissions, Privileges, and Access Controls vulnerability in Dmxready Registration Manager 1.1 DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb. | 5.0 |
| 2009-01-29 | CVE-2009-0338 | Cross-Site Scripting vulnerability in Dmxready Blog Manager NIL Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action. | 4.3 |
| 2006-12-29 | CVE-2006-6815 | Cross-Site Scripting vulnerability in Dmxready Secure Login Manager 1.0 Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel. network dmxready | 6.0 |
| 2004-12-31 | CVE-2004-2188 | Cross-Site Scripting And SQL Injection vulnerability in DMXReady Site Chassis Manager Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network dmxready | 4.3 |