Vulnerabilities > Dotnetindex > Professional Download Assistant

DATE CVE VULNERABILITY TITLE RISK
2008-12-15 CVE-2008-5572 Permissions, Privileges, and Access Controls vulnerability in Dotnetindex Professional Download Assistant 0.1
Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.
network
low complexity
dotnetindex CWE-264
5.0
5.0
2008-12-15 CVE-2008-5571 SQL Injection vulnerability in Dotnetindex Professional Download Assistant 0.1
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field).
network
low complexity
dotnetindex CWE-89
7.5
7.5