Vulnerabilities > Aspindir > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-06 | CVE-2008-3495 | SQL Injection vulnerability in Aspindir Pcshey Portal SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter. | 7.5 |
| 2008-06-26 | CVE-2008-2882 | Permissions, Privileges, and Access Controls vulnerability in Aspindir Shibby Shop upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request. | 7.5 |
| 2008-06-26 | CVE-2008-2872 | SQL Injection vulnerability in Aspindir Shibby Shop SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. | 7.5 |
| 2008-05-27 | CVE-2008-2448 | SQL Injection vulnerability in Aspindir Meto Forum 1.1 Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp. | 7.5 |
| 2008-05-19 | CVE-2008-2334 | SQL Injection vulnerability in Aspindir Philboard 0.5 Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) forumid parameter to (a) admin/philboard_admin-forumedit.asp, (b) admin/philboard_admin-forum.asp, and (c) W1L3D4_foruma_yeni_konu_ac.asp; the (2) id parameter to (d) W1L3D4_konuoku.asp and (e) W1L3D4_konuya_mesaj_yaz.asp; and the (3) topic parameter to W1L3D4_konuya_mesaj_yaz.asp, different vectors than CVE-2008-1939, CVE-2007-2641, and CVE-2007-0920. | 7.5 |
| 2008-05-01 | CVE-2008-2047 | SQL Injection vulnerability in Aspindir Angelo-Emlak 1.0 Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp. | 7.5 |
| 2008-04-25 | CVE-2008-1939 | SQL Injection vulnerability in Aspindir Philboard 1.0 Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920. | 7.5 |
| 2007-07-18 | CVE-2007-3884 | SQL Injection vulnerability in Aspindir Husrevforum 1.0.1/2.0.1 SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | 7.5 |
| 2007-03-07 | CVE-2006-7161 | SQL-Injection vulnerability in Aspindir Hazirsite 2.0 SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter. | 7.5 |
| 2006-12-07 | CVE-2006-6337 | SQL Injection vulnerability in Aspindir Aspee Ziyaretci Defteri Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter. | 7.5 |