Vulnerabilities > Aspportal

DATE CVE VULNERABILITY TITLE RISK
2009-03-02 CVE-2008-6382 Permissions, Privileges, and Access Controls vulnerability in Aspportal 3.2.5
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
network
low complexity
aspportal CWE-264
5.0
2008-11-28 CVE-2008-5268 SQL Injection vulnerability in Aspportal Free
SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
network
low complexity
aspportal CWE-89
7.5
2006-11-14 CVE-2006-5879 SQL Injection vulnerability in Aspportal 3.0.0/3.1.0/3.1.1
SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
network
low complexity
aspportal
7.5
2006-03-22 CVE-2006-1353 SQL Injection vulnerability in Aspportal 3.0.0/3.1.0/3.1.1
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
network
low complexity
aspportal
7.5
2006-03-19 CVE-2006-1262 Input Validation vulnerability in Aspportal 3.0.0
Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.
network
low complexity
aspportal
7.5
2006-03-19 CVE-2006-1261 Input Validation vulnerability in Aspportal 3.0.0
Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
network
aspportal
4.3