MidnightBSD

Advisories for acc

CVE-1999-0383 HIGH

ACC Tigris allows public access without a login.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
acc tigris 10.5.8
CVE-2025-40654

A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp.

Products Affected

Vendor Product Version
acc dm_corporative_cms *
CVE-2025-40655

A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.

Products Affected

Vendor Product Version
acc dm_corporative_cms *
CVE-2025-40656

A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.

Products Affected

Vendor Product Version
acc dm_corporative_cms *
CVE-2025-40657

A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.

Products Affected

Vendor Product Version
acc dm_corporative_cms *
CVE-2025-40658

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.

Products Affected

Vendor Product Version
acc dm_corporative_cms *
CVE-2025-40659

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.

Products Affected

Vendor Product Version
acc dm_corporative_cms *
CVE-2025-40660

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.

Products Affected

Vendor Product Version
acc dm_corporative_cms *
CVE-2025-40661

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.

Products Affected

Vendor Product Version
acc dm_corporative_cms *
CVE-2025-40662

Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.

Products Affected

Vendor Product Version
acc dm_corporative_cms *