Vulnerabilities > Toddwoolums

DATE CVE VULNERABILITY TITLE RISK
2009-04-21 CVE-2008-6739 Improper Authentication vulnerability in Toddwoolums ASP Download 1.03
Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.
network
low complexity
toddwoolums CWE-287
7.5
2008-11-28 CVE-2008-5274 Permissions, Privileges, and Access Controls vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2
Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp.
network
low complexity
toddwoolums CWE-264
5.0
2008-11-28 CVE-2008-5273 SQL Injection vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2
SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
network
low complexity
toddwoolums CWE-89
7.5