Vulnerabilities > CVE-2004-2060 - Multiple vulnerability in XLineSoft ASPRunner
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Exploit-Db
description | XLineSoft ASPRunner 1.0/2.x Database Direct Request Information Disclosure. CVE-2004-2060. Webapps exploit for asp platform |
id | EDB-ID:24317 |
last seen | 2016-02-02 |
modified | 2004-07-26 |
published | 2004-07-26 |
reporter | Ferruh Mavituna |
source | https://www.exploit-db.com/download/24317/ |
title | XLineSoft ASPRunner 1.0/2.x Database Direct Request Information Disclosure |
Nessus
NASL family | CGI abuses |
NASL id | ASPRUNNER_MULT.NASL |
description | The remote host is running ASPrunner prior to version 2.5. There are multiple flaws in this version of ASPrunner which would enable a remote attacker to read and/or modify potentially confidential data. An attacker, exploiting this flaw, would need access to the web server via the network. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14233 |
published | 2004-08-09 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14233 |
title | ASPrunner 2.4 Multiple Vulnerabilities |
code |
|
References
- http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.html
- http://ferruh.mavituna.com/article/?574
- http://marc.info/?l=bugtraq&m=109086977330418&w=2
- http://secunia.com/advisories/12164
- http://securitytracker.com/id?1010777
- http://www.osvdb.org/8253
- http://www.securityfocus.com/bid/10799
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16802