VYPR

Aspportal

by Aspapps

CVEs (8)

  • CVE-2008-6382Mar 2, 2009
    risk 0.03cvss epss 0.03

    ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.

  • CVE-2008-5605Dec 16, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.

  • CVE-2008-5562Dec 15, 2008
    risk 0.03cvss epss 0.05

    ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.

  • CVE-2008-5268Nov 28, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.

  • CVE-2006-5879Nov 14, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.

  • CVE-2006-1353Mar 22, 2006
    risk 0.03cvss epss 0.04

    Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct…

  • CVE-2006-1261Mar 19, 2006
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

  • CVE-2006-1262Mar 19, 2006
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.