Vulnerabilities > Fipsasp > Fipsforum

DATE CVE VULNERABILITY TITLE RISK
2010-03-02 CVE-2010-0765 Permissions, Privileges, and Access Controls vulnerability in Fipsasp Fipsforum 2.6
fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb.
network
low complexity
fipsasp CWE-264
5.0
5.0
2006-11-26 CVE-2006-6116 SQL Injection vulnerability in FipsForum Default2.ASP
SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter.
network
low complexity
fipsasp
7.5
7.5