Vulnerabilities > Aspapps
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-01-23 | CVE-2008-5951 | Permissions, Privileges, and Access Controls vulnerability in Aspapps Template Creature NIL ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | 5.0 |
2009-01-23 | CVE-2008-5950 | SQL Injection vulnerability in Aspapps Template Creature NIL SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter. | 7.5 |
2008-12-16 | CVE-2008-5608 | Permissions, Privileges, and Access Controls vulnerability in Aspapps ASP Autodealer NIL ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb. | 5.0 |
2008-12-16 | CVE-2008-5605 | SQL Injection vulnerability in Aspapps Aspportal NIL Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp. | 7.5 |
2008-12-16 | CVE-2008-5603 | Permissions, Privileges, and Access Controls vulnerability in Aspapps Aspticker 1.0 ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb. | 5.0 |
2008-12-16 | CVE-2008-5595 | SQL Injection vulnerability in Aspapps ASP Autodealer NIL SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2008-12-15 | CVE-2008-5562 | Permissions, Privileges, and Access Controls vulnerability in Aspapps Aspportal NIL ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | 5.0 |