VYPR
Vendor

Xlinesoft

Products
3
CVEs
9
Across products
9
Status
Private

Products

3

Recent CVEs

9
  • CVE-2009-0964HigMar 19, 2009
    risk 0.52cvss 7.5epss 0.02

    UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.

  • CVE-2019-25659MedApr 5, 2026
    risk 0.40cvss 6.2epss 0.00

    ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to…

  • CVE-2019-25594MedMar 22, 2026
    risk 0.40cvss 6.2epss 0.00

    ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table…

  • CVE-2004-2060Dec 31, 2004
    risk 0.04cvss epss 0.08

    ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.

  • CVE-2004-2059Dec 31, 2004
    risk 0.04cvss epss 0.09

    Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or…

  • CVE-2009-0963Mar 19, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.

  • CVE-2006-5956Nov 17, 2006
    risk 0.00cvss epss 0.00

    XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.

  • CVE-2004-2057Dec 31, 2004
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.

  • CVE-2004-2058Dec 31, 2004
    risk 0.00cvss epss 0.02

    ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages.