Vulnerabilities > Aspindir > Medium

DATE CVE VULNERABILITY TITLE RISK
2010-11-02 CVE-2010-4145 Permissions, Privileges, and Access Controls vulnerability in Aspindir Kisisel Radyo Script
Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb.
network
low complexity
aspindir CWE-264
5.0
2010-05-06 CVE-2010-1736 Permissions, Privileges, and Access Controls vulnerability in Aspindir KRM Haber 1.0
KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb.
network
low complexity
aspindir CWE-264
5.0
2010-04-27 CVE-2009-4820 Permissions, Privileges, and Access Controls vulnerability in Aspindir Angelo-Emlak 1.0
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
network
low complexity
aspindir CWE-264
5.0
2010-03-25 CVE-2010-1116 Permissions, Privileges, and Access Controls vulnerability in Aspindir Lookmer Muzik Portal
LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb.
network
low complexity
aspindir CWE-264
5.0
2010-03-23 CVE-2010-1064 Permissions, Privileges, and Access Controls vulnerability in Aspindir Erolife Ajxgaleri VT
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb.
network
low complexity
aspindir CWE-264
5.0
2010-01-06 CVE-2009-4585 Permissions, Privileges, and Access Controls vulnerability in Aspindir Uranyumsoft Listing Service
UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb.
network
low complexity
aspindir CWE-264
5.0
2009-04-07 CVE-2008-6641 SQL Injection vulnerability in Aspindir Shader TV
Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp.
network
low complexity
aspindir CWE-89
6.5
2008-06-26 CVE-2008-2873 Permissions, Privileges, and Access Controls vulnerability in Aspindir Shibby Shop
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
network
low complexity
aspindir CWE-264
5.0
2008-05-01 CVE-2008-2048 Cross-Site Scripting vulnerability in Aspindir Angelo-Emlak 1.0
Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter.
network
aspindir CWE-79
4.3
2007-08-20 CVE-2007-4434 Cross-Site Scripting vulnerability in Aspindir Text File Search 0
Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter.
network
aspindir
4.3