VYPR
Vendor

Katywhitton

Products
3
CVEs
10
Across products
10
Status
Private

Products

3

Recent CVEs

10
  • CVE-2009-0337Jan 29, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2009-0336Jan 29, 2009
    risk 0.03cvss epss 0.02

    Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained…

  • CVE-2009-0335Jan 29, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.

  • CVE-2009-0334Jan 29, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.

  • CVE-2009-0249Jan 22, 2009
    risk 0.03cvss epss 0.02

    Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.

  • CVE-2009-0248Jan 22, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.

  • CVE-2008-5589Dec 16, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are…

  • CVE-2008-5588Dec 16, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter.

  • CVE-2007-0091Jan 5, 2007
    risk 0.03cvss epss 0.02

    newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.

  • CVE-2006-2636May 30, 2006
    risk 0.03cvss epss 0.04

    newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ".