VYPR

Listpics

by Iisworks

CVEs (3)

  • CVE-2006-6210Dec 1, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

  • CVE-2006-6350Dec 7, 2006
    risk 0.00cvss epss 0.02

    listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb.

  • CVE-2006-2989Jun 13, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter.