Aspportal
by Aspapps
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6382 | 0.03 | — | 0.03 | Mar 2, 2009 | ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | |||
| CVE-2008-5605 | 0.03 | — | 0.02 | Dec 16, 2008 | Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp. | |||
| CVE-2008-5562 | 0.03 | — | 0.05 | Dec 15, 2008 | ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | |||
| CVE-2008-5268 | 0.03 | — | 0.01 | Nov 28, 2008 | SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter. | |||
| CVE-2006-5879 | 0.03 | — | 0.01 | Nov 14, 2006 | SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353. | |||
| CVE-2006-1353 | 0.03 | — | 0.04 | Mar 22, 2006 | Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct… | |||
| CVE-2006-1261 | 0.00 | — | 0.01 | Mar 19, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||
| CVE-2006-1262 | 0.00 | — | 0.02 | Mar 19, 2006 | Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors. |
- CVE-2008-6382Mar 2, 2009risk 0.03cvss —epss 0.03
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
- CVE-2008-5605Dec 16, 2008risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
- CVE-2008-5562Dec 15, 2008risk 0.03cvss —epss 0.05
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
- CVE-2008-5268Nov 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
- CVE-2006-5879Nov 14, 2006risk 0.03cvss —epss 0.01
SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
- CVE-2006-1353Mar 22, 2006risk 0.03cvss —epss 0.04
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct…
- CVE-2006-1261Mar 19, 2006risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
- CVE-2006-1262Mar 19, 2006risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.