Vulnerabilities > Xlinesoft

DATE CVE VULNERABILITY TITLE RISK
2009-03-19 CVE-2009-0964 Cleartext Storage of Sensitive Information vulnerability in Xlinesoft PHPrunner
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges.
network
low complexity
xlinesoft CWE-312
7.5
2009-03-19 CVE-2009-0963 SQL Injection vulnerability in Xlinesoft PHPrunner 3.1
Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.
network
low complexity
xlinesoft CWE-89
7.5
2006-11-17 CVE-2006-5956 Local Information Disclosure vulnerability in Xlinesoft PHPrunner 3.1
XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.
local
low complexity
xlinesoft
2.1
2004-12-31 CVE-2004-2060 Multiple vulnerability in XLineSoft ASPRunner
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
network
low complexity
xlinesoft
5.0
2004-12-31 CVE-2004-2059 Multiple vulnerability in XLineSoft ASPRunner
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
network
low complexity
xlinesoft
5.0
2004-12-31 CVE-2004-2058 Multiple vulnerability in XLineSoft ASPRunner
ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages.
network
low complexity
xlinesoft
5.0
2004-12-31 CVE-2004-2057 Multiple vulnerability in XLineSoft ASPRunner
SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.
network
low complexity
xlinesoft
7.5