VYPR

Asprunner

by Xlinesoft

CVEs (5)

  • CVE-2019-25594MedMar 22, 2026
    risk 0.40cvss 6.2epss 0.00

    ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table…

  • CVE-2004-2060Dec 31, 2004
    risk 0.04cvss epss 0.08

    ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.

  • CVE-2004-2059Dec 31, 2004
    risk 0.04cvss epss 0.09

    Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or…

  • CVE-2004-2057Dec 31, 2004
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.

  • CVE-2004-2058Dec 31, 2004
    risk 0.00cvss epss 0.02

    ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages.