VYPR
Vendor

Asp Dev

Products
5
CVEs
9
Across products
9
Status
Private

Products

5

Recent CVEs

9
  • CVE-2012-4060Jul 25, 2012
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.

  • CVE-2008-5926Jan 21, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained…

  • CVE-2008-5923Jan 21, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter.

  • CVE-2005-4256Dec 15, 2005
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. In addition,…

  • CVE-2005-1008May 2, 2005
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag.

  • CVE-2012-4061Jul 25, 2012
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp.

  • CVE-2008-5925Jan 21, 2009
    risk 0.00cvss epss 0.01

    ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb.

  • CVE-2008-5924Jan 21, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2005-4165Dec 11, 2005
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the "Search For" field in search.asp.