Vulnerabilities > Aspindir > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-11-02 | CVE-2010-4145 | Permissions, Privileges, and Access Controls vulnerability in Aspindir Kisisel Radyo Script Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. | 5.0 |
2010-05-06 | CVE-2010-1736 | Permissions, Privileges, and Access Controls vulnerability in Aspindir KRM Haber 1.0 KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. | 5.0 |
2010-04-27 | CVE-2009-4820 | Permissions, Privileges, and Access Controls vulnerability in Aspindir Angelo-Emlak 1.0 Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb. | 5.0 |
2010-03-25 | CVE-2010-1116 | Permissions, Privileges, and Access Controls vulnerability in Aspindir Lookmer Muzik Portal LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb. | 5.0 |
2010-03-23 | CVE-2010-1064 | Permissions, Privileges, and Access Controls vulnerability in Aspindir Erolife Ajxgaleri VT Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb. | 5.0 |
2010-01-06 | CVE-2009-4585 | Permissions, Privileges, and Access Controls vulnerability in Aspindir Uranyumsoft Listing Service UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb. | 5.0 |
2009-04-07 | CVE-2008-6641 | SQL Injection vulnerability in Aspindir Shader TV Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp. | 6.5 |
2008-06-26 | CVE-2008-2873 | Permissions, Privileges, and Access Controls vulnerability in Aspindir Shibby Shop sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb. | 5.0 |
2008-05-01 | CVE-2008-2048 | Cross-Site Scripting vulnerability in Aspindir Angelo-Emlak 1.0 Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter. | 4.3 |
2007-08-20 | CVE-2007-4434 | Cross-Site Scripting vulnerability in Aspindir Text File Search 0 Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. network aspindir | 4.3 |