Vulnerabilities > ASP Nuke
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-05-30 | CVE-2007-2892 | Cross-Site Scripting vulnerability in Asp-Nuke 2.0.7 Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. network asp-nuke | 4.3 |
2007-03-07 | CVE-2006-7152 | Privilege Escalation vulnerability in Asp-Nuke Community Cookie default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values. network asp-nuke | 8.5 |
2006-11-22 | CVE-2006-6070 | SQL-Injection vulnerability in ASP-Nuke SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter. | 7.5 |
2005-06-29 | CVE-2005-2067 | SQL Injection vulnerability in ASPNuke Article.ASP SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | 7.5 |
2005-06-29 | CVE-2005-2066 | SQL Injection vulnerability in Asp-Nuke 0.80 SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter. | 7.5 |
2005-06-29 | CVE-2005-2065 | Unspecified vulnerability in Asp-Nuke 0.80 HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter. | 5.0 |
2005-06-29 | CVE-2005-2064 | Cross-Site Scripting vulnerability in Asp-Nuke 0.80 Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, (7) Address2, (8) City, (9) ZipCode, (10) Email parameter to register.asp. | 5.0 |
2004-12-31 | CVE-2004-1788 | Remote User Database Access vulnerability in ASP-Nuke 1.0/1.2/1.3 ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb. | 5.0 |
2002-08-12 | CVE-2002-0524 | Information Disclosure vulnerability in ASP-Nuke Forged Cookie ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message. | 5.0 |
2002-08-12 | CVE-2002-0523 | Information Disclosure vulnerability in ASP-Nuke Forged Cookie ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie. | 5.0 |