Vulnerabilities > Xlinesoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-03-19 | CVE-2009-0964 | Cleartext Storage of Sensitive Information vulnerability in Xlinesoft PHPrunner UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. | 7.5 |
| 2009-03-19 | CVE-2009-0963 | SQL Injection vulnerability in Xlinesoft PHPrunner 3.1 Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php. | 7.5 |
| 2006-11-17 | CVE-2006-5956 | Local Information Disclosure vulnerability in Xlinesoft PHPrunner 3.1 XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. | 2.1 |
| 2004-12-31 | CVE-2004-2060 | Multiple vulnerability in XLineSoft ASPRunner ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names. | 5.0 |
| 2004-12-31 | CVE-2004-2059 | Multiple vulnerability in XLineSoft ASPRunner Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp. | 5.0 |
| 2004-12-31 | CVE-2004-2058 | Multiple vulnerability in XLineSoft ASPRunner ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages. | 5.0 |
| 2004-12-31 | CVE-2004-2057 | Multiple vulnerability in XLineSoft ASPRunner SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements. | 7.5 |