CVE-2012-4061

Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to diaryview.asp or 2 viewdate parameter to default.asp...

CVE-2012-4060

Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to 1 profile.asp, 2 forum.asp, or 3 topic.asp...

CVE-2012-4061

ASP-DEv XM Diary is affected by SQL injection flaws in the diary_view.asp (id parameter) and default.asp (view_date parameter). The underlying issue allows remote attackers to craft input to cause arbitrary SQL execution, as summarized by CVE-2012-4061. The entry records a CVSS v2 base score of 7...

ASP-DEv XM Forums SQL Injection

Exploit Title : ASP-DEv XM Forums SQL Injection Vulnerability Author : Secure-Land Security Team Discovered By : farbodmahini Home : Secure-Land.net Version : All Version Software Link : http://www.asp-dev.com/download.asp?did=1 Contact : [email protected] , [email protected] Security Ri...

ASP-DEv XM Diary SQL Injection

Exploit Title : ASP-DEv XM Diary SQL Injection Vulnerability Author : Secure-Land Security Team Discovered By : farbodmahini Home : Secure-Land.net Version : All Version Software Link : http://www.asp-dev.com/download.asp?did=2 Contact : [email protected] , [email protected] Security Ris...

ASP-Dev XM Event Diary Multiple Vulnerabilities

ASP-Dev XM Events Diary is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ASP-Dev XM Event Diary Multiple Vulnerabilities

The host is running ASP-Dev XM Events Diary and prone to multiple vulnerabilities. Vulnerabilities Insight: - Input passed to the 'cat' parameter in 'default.asp' and 'diaryviewC.asp' are not properly sanitised before being used in SQL queries. - Insufficient access control to the database file...

Sql injection

SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter...

CVE-2008-5925

ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb...

Sql injection

SQL injection vulnerability in diaryviewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2008-5926

Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the 1 login parameter aka user field or the 2 password parameter aka pass field. NOTE: some of these details are obtained from third party information...

Improper access control

ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb...

CVE-2008-5924

SQL injection vulnerability in diaryviewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Sql injection

Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the 1 login parameter aka user field or the 2 password parameter aka pass field. NOTE: some of these details are obtained from third party information...

CVE-2008-5923

SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter...

CVE-2008-5924

ASP-Dev XM Event Diary is affected by CVE-2008-5924, a SQL injection in diary_viewC.asp that allows remote attackers to execute arbitrary SQL commands via the cat parameter. The OpenVAS entry corroborates multiple vulnerabilities in the same product, including improper sanitisation of input used ...

CVE-2008-5926

CVE-2008-5926 affects the ASP-DEv Internal E-Mail System, where multiple SQL injection flaws exist in login.asp that allow remote attackers to alter the database by manipulating the login (user) or password fields. The NVD entry reports a base score of 7.5 (HIGH) with network access and LOW attac...

CVE-2008-5926

Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the 1 login parameter aka user field or the 2 password parameter aka pass field. NOTE: some of these details are obtained from third party information...

CVE-2008-5923

SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter...

CVE-2008-5925

ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb...