Vulnerabilities > Portalapp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-20 | CVE-2008-4615 | Remote Security vulnerability in Portalapp 4.0 Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors. | 10.0 |
2008-10-20 | CVE-2008-4614 | Improper Authentication vulnerability in Portalapp 4.0 PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies. | 7.5 |
2008-10-20 | CVE-2008-4613 | SQL Injection vulnerability in Portalapp 4.0 SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 7.5 |
2008-10-20 | CVE-2008-4612 | Cross-Site Scripting vulnerability in Portalapp 4.0 Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp. | 4.3 |
2007-06-18 | CVE-2007-3252 | Information Disclosure vulnerability in Portalapp PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786. | 7.8 |