Vulnerabilities > Aspapps

DATE CVE VULNERABILITY TITLE RISK
2009-01-23 CVE-2008-5951 Permissions, Privileges, and Access Controls vulnerability in Aspapps Template Creature NIL
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.
network
low complexity
aspapps CWE-264
5.0
5.0
2009-01-23 CVE-2008-5950 SQL Injection vulnerability in Aspapps Template Creature NIL
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
network
low complexity
aspapps CWE-89
7.5
7.5
2008-12-16 CVE-2008-5608 Permissions, Privileges, and Access Controls vulnerability in Aspapps ASP Autodealer NIL
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
network
low complexity
aspapps CWE-264
5.0
5.0
2008-12-16 CVE-2008-5605 SQL Injection vulnerability in Aspapps Aspportal NIL
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
network
low complexity
aspapps CWE-89
7.5
7.5
2008-12-16 CVE-2008-5603 Permissions, Privileges, and Access Controls vulnerability in Aspapps Aspticker 1.0
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
network
low complexity
aspapps CWE-264
5.0
5.0
2008-12-16 CVE-2008-5595 SQL Injection vulnerability in Aspapps ASP Autodealer NIL
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network
low complexity
aspapps CWE-89
7.5
7.5
2008-12-15 CVE-2008-5562 Permissions, Privileges, and Access Controls vulnerability in Aspapps Aspportal NIL
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
network
low complexity
aspapps CWE-264
5.0
5.0