Asprunner
by Xlinesoft
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25594 | Med | 0.40 | 6.2 | 0.00 | Mar 22, 2026 | ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table… | ||
| CVE-2004-2060 | 0.04 | — | 0.08 | Dec 31, 2004 | ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names. | |||
| CVE-2004-2059 | 0.04 | — | 0.09 | Dec 31, 2004 | Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or… | |||
| CVE-2004-2057 | 0.00 | — | 0.02 | Dec 31, 2004 | SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements. | |||
| CVE-2004-2058 | 0.00 | — | 0.02 | Dec 31, 2004 | ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages. |
- risk 0.40cvss 6.2epss 0.00
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table…
- CVE-2004-2060Dec 31, 2004risk 0.04cvss —epss 0.08
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
- CVE-2004-2059Dec 31, 2004risk 0.04cvss —epss 0.09
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or…
- CVE-2004-2057Dec 31, 2004risk 0.00cvss —epss 0.02
SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.
- CVE-2004-2058Dec 31, 2004risk 0.00cvss —epss 0.02
ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages.