MidnightBSD

Advisories for onlinetechtools.com

CVE-2005-3850 MEDIUM

Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
onlinetechtools.com okbsys_lite 1.0
CVE-2005-3851 MEDIUM

Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
onlinetechtools.com oasys_lite 1.0
CVE-2005-3852 HIGH

SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
onlinetechtools.com owos_lite 3.0
CVE-2009-4859 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
onlinetechtools.com owos_lite 3.10
CVE-2010-4186 HIGH

SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
onlinetechtools.com oasys_professional 2.10