CVE-2005-1288

UNRATEDJSON export Create alert

Description

inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie.

Affected products

asp_press / acs_blog0.8 – 0.8
asp_press / acs_blog0.9 – 0.9
asp_press / acs_blog1.0 – 1.0
asp_press / acs_blog1.0.1 – 1.0.1
asp_press / acs_blog1.0.2 – 1.0.2
asp_press / acs_blog1.0.3 – 1.0.3
asp_press / acs_blog1.1 – 1.1
asp_press / acs_blog1.1.1 – 1.1.1
asp_press / acs_blog1.1.2 – 1.1.2
asp_press / acs_blog1.1b – 1.1b

References

MISChttp://www.osvdb.org/15787
MISChttp://securitytracker.com/id?1013795
VENDOR_ADVISORYhttp://secunia.com/advisories/15105
MAILING_LISThttp://marc.info/?l=bugtraq&m=111428190921388&w=2