Aspapps
Products
4- 8 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6382 | 0.03 | — | 0.03 | Mar 2, 2009 | ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | |||
| CVE-2008-5951 | 0.03 | — | 0.02 | Jan 23, 2009 | ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | |||
| CVE-2008-5950 | 0.03 | — | 0.01 | Jan 23, 2009 | SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter. | |||
| CVE-2008-5608 | 0.03 | — | 0.03 | Dec 16, 2008 | ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb. | |||
| CVE-2008-5605 | 0.03 | — | 0.02 | Dec 16, 2008 | Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp. | |||
| CVE-2008-5603 | 0.03 | — | 0.03 | Dec 16, 2008 | ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb. | |||
| CVE-2008-5595 | 0.03 | — | 0.01 | Dec 16, 2008 | SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||
| CVE-2008-5562 | 0.03 | — | 0.05 | Dec 15, 2008 | ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | |||
| CVE-2008-5268 | 0.03 | — | 0.01 | Nov 28, 2008 | SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter. | |||
| CVE-2006-6848 | 0.03 | — | 0.01 | Dec 31, 2006 | SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. | |||
| CVE-2006-5879 | 0.03 | — | 0.01 | Nov 14, 2006 | SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353. | |||
| CVE-2006-1353 | 0.03 | — | 0.04 | Mar 22, 2006 | Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct… | |||
| CVE-2006-1261 | 0.00 | — | 0.01 | Mar 19, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||
| CVE-2006-1262 | 0.00 | — | 0.02 | Mar 19, 2006 | Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors. |
- CVE-2008-6382Mar 2, 2009risk 0.03cvss —epss 0.03
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
- CVE-2008-5951Jan 23, 2009risk 0.03cvss —epss 0.02
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.
- CVE-2008-5950Jan 23, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
- CVE-2008-5608Dec 16, 2008risk 0.03cvss —epss 0.03
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
- CVE-2008-5605Dec 16, 2008risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
- CVE-2008-5603Dec 16, 2008risk 0.03cvss —epss 0.03
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
- CVE-2008-5595Dec 16, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.
- CVE-2008-5562Dec 15, 2008risk 0.03cvss —epss 0.05
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
- CVE-2008-5268Nov 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
- CVE-2006-6848Dec 31, 2006risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter.
- CVE-2006-5879Nov 14, 2006risk 0.03cvss —epss 0.01
SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
- CVE-2006-1353Mar 22, 2006risk 0.03cvss —epss 0.04
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct…
- CVE-2006-1261Mar 19, 2006risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
- CVE-2006-1262Mar 19, 2006risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.