Vulnerabilities > Xigla > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2009-07-14 | CVE-2008-6854 | Improper Authentication vulnerability in Xigla Absolute FAQ Manager .Net 6.0 | Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | network | low complexity | xigla | CWE-287 | 7.5 |
| 2009-05-01 | CVE-2009-1504 | Improper Authentication vulnerability in Xigla Absolute Control Panel XE 1.5 | Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1." | network | low complexity | xigla | CWE-287 | 7.5 |
| 2008-10-15 | CVE-2008-4569 | SQL Injection vulnerability in Xigla Absolute Poll Manager XE 4.1 | SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter. | network | low complexity | xigla | CWE-89 | 7.5 |
| 2008-06-18 | CVE-2008-2765 | SQL Injection vulnerability in Xigla Absolute Image Gallery XE | SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action. | network | low complexity | xigla | CWE-89 | 7.5 |
| 2007-12-10 | CVE-2007-6291 | SQL Injection vulnerability in Xigla Absolute Banner Manager.Net 4.0 | SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter. | network | low complexity | xigla | CWE-89 | 7.5 |
| 2007-12-07 | CVE-2007-6269 | SQL Injection vulnerability in Xigla Absolute News Manager.Net 5.1 | Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters. | network | low complexity | xigla | CWE-89 | 7.5 |
| 2007-03-16 | CVE-2007-1469 | SQL Injection vulnerability in Xigla Absolute Image Gallery XE 2.0 | SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action. | network | low complexity | xigla | CWE-89 | 7.5 |