Vendor: Codeavalanche

Products: 8
CVEs: 10
Across products: 10
Status: Private

Recent CVEs (10)
  • CVE-2008-5900 (Jan 12, 2009)
    risk 0.04 | cvss | epss 0.06

    CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these…

  • CVE-2008-5899 (Jan 12, 2009)
    risk 0.04 | cvss | epss 0.06

    CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these…

  • CVE-2008-5898 (Jan 12, 2009)
    risk 0.04 | cvss | epss 0.06

    CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these…

  • CVE-2008-5897 (Jan 12, 2009)
    risk 0.04 | cvss | epss 0.06

    CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of…

  • CVE-2008-5932 (Jan 21, 2009)
    risk 0.03 | cvss | epss 0.06

    CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained…

  • CVE-2008-5896 (Jan 12, 2009)
    risk 0.03 | cvss | epss 0.02

    CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these…

  • CVE-2007-1021 (Feb 21, 2007)
    risk 0.03 | cvss | epss 0.02

    SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.

  • CVE-2006-2927 (Jun 9, 2006)
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this information is unknown;…

  • CVE-2006-2822 (Jun 5, 2006)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.

  • CVE-2006-2500 (May 20, 2006)
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators…