Fullrevolution
Products
3- 3 CVEs
- 3 CVEs
- 2 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2832 | 0.04 | — | 0.12 | Jun 24, 2008 | Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in… | |||
| CVE-2008-6978 | 0.03 | — | 0.04 | Aug 19, 2009 | Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in… | |||
| CVE-2008-6977 | 0.03 | — | 0.02 | Aug 19, 2009 | Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action. | |||
| CVE-2006-2847 | 0.03 | — | 0.01 | Jun 6, 2006 | SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter. | |||
| CVE-2006-2848 | 0.03 | — | 0.02 | Jun 6, 2006 | links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field. | |||
| CVE-2004-1553 | 0.03 | — | 0.02 | Dec 31, 2004 | SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves… | |||
| CVE-2004-1552 | 0.03 | — | 0.04 | Dec 31, 2004 | SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp. | |||
| CVE-2009-1223 | 0.00 | — | 0.01 | Apr 2, 2009 | aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb. |
- CVE-2008-2832Jun 24, 2008risk 0.04cvss —epss 0.12
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in…
- CVE-2008-6978Aug 19, 2009risk 0.03cvss —epss 0.04
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in…
- CVE-2008-6977Aug 19, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
- CVE-2006-2847Jun 6, 2006risk 0.03cvss —epss 0.01
SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter.
- CVE-2006-2848Jun 6, 2006risk 0.03cvss —epss 0.02
links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field.
- CVE-2004-1553Dec 31, 2004risk 0.03cvss —epss 0.02
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves…
- CVE-2004-1552Dec 31, 2004risk 0.03cvss —epss 0.04
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
- CVE-2009-1223Apr 2, 2009risk 0.00cvss —epss 0.01
aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb.