Vulnerabilities > Toddwoolums
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-21 | CVE-2008-6739 | Improper Authentication vulnerability in Toddwoolums ASP Download 1.03 Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request. | 7.5 |
2008-11-28 | CVE-2008-5274 | Permissions, Privileges, and Access Controls vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2 Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. | 5.0 |
2008-11-28 | CVE-2008-5273 | SQL Injection vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2 SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter. | 7.5 |