Vulnerabilities > Dotnetindex
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-16 | CVE-2008-5596 | Permissions, Privileges, and Access Controls vulnerability in Dotnetindex Ikon Admanager Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb. | 5.0 |
| 2008-12-15 | CVE-2008-5572 | Permissions, Privileges, and Access Controls vulnerability in Dotnetindex Professional Download Assistant 0.1 Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb. | 5.0 |
| 2008-12-15 | CVE-2008-5571 | SQL Injection vulnerability in Dotnetindex Professional Download Assistant 0.1 SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). | 7.5 |
| 2006-11-24 | CVE-2006-6096 | Cross-Site Scripting vulnerability in Dotnetindex Active News Manager Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
| 2006-11-24 | CVE-2006-6095 | SQL Injection vulnerability in Dotnetindex Active News Manager Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. | 7.5 |