VYPR
Vendor

Aspapps

Products
4
CVEs
14
Across products
14
Status
Private

Products

4

Recent CVEs

14
  • CVE-2008-6382Mar 2, 2009
    risk 0.03cvss epss 0.03

    ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.

  • CVE-2008-5951Jan 23, 2009
    risk 0.03cvss epss 0.02

    ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.

  • CVE-2008-5950Jan 23, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.

  • CVE-2008-5608Dec 16, 2008
    risk 0.03cvss epss 0.03

    ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.

  • CVE-2008-5605Dec 16, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.

  • CVE-2008-5603Dec 16, 2008
    risk 0.03cvss epss 0.03

    ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.

  • CVE-2008-5595Dec 16, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.

  • CVE-2008-5562Dec 15, 2008
    risk 0.03cvss epss 0.05

    ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.

  • CVE-2008-5268Nov 28, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.

  • CVE-2006-6848Dec 31, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter.

  • CVE-2006-5879Nov 14, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.

  • CVE-2006-1353Mar 22, 2006
    risk 0.03cvss epss 0.04

    Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct…

  • CVE-2006-1261Mar 19, 2006
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

  • CVE-2006-1262Mar 19, 2006
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.