Vulnerabilities > Aspportal

DATE	CVE	VULNERABILITY TITLE	RISK
2009-03-02	CVE-2008-6382	Permissions, Privileges, and Access Controls vulnerability in Aspportal 3.2.5 ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. network low complexity aspportal CWE-264	5.0
2008-11-28	CVE-2008-5268	SQL Injection vulnerability in Aspportal Free SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter. network low complexity aspportal CWE-89	7.5
2006-11-14	CVE-2006-5879	SQL Injection vulnerability in Aspportal 3.0.0/3.1.0/3.1.1 SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353. network low complexity aspportal	7.5
2006-03-22	CVE-2006-1353	SQL Injection vulnerability in Aspportal 3.0.0/3.1.0/3.1.1 Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp. network low complexity aspportal	7.5
2006-03-19	CVE-2006-1262	Input Validation vulnerability in Aspportal 3.0.0 Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors. network low complexity aspportal	7.5
2006-03-19	CVE-2006-1261	Input Validation vulnerability in Aspportal 3.0.0 Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network aspportal	4.3

Vulnerabilities > Aspportal {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Aspportal"}]}

Vulnerabilities > Aspportal