3 matches found
CVE-2008-5925
ASP-Dev XM Events Diary has a partial-access control weakness that exposes the diary.mdb database under the web root, allowing remote retrieval via a direct request. Affected component is the diary database/file handling within the web app; underlying issue is insufficient access control leading ...
CVE-2008-5923
CVE-2008-5923 affects ASP-Dev XM Events Diary (Web app). OpenVAS/OpenVAS-derived data show SQL injection in default.asp (and diary_viewC.asp) where user-supplied input passed to SQL queries via the cat parameter, enabling remote attackers to execute arbitrary SQL. Additional context notes insuffi...
CVE-2008-5924
ASP-Dev XM Event Diary is affected by CVE-2008-5924, a SQL injection in diary_viewC.asp that allows remote attackers to execute arbitrary SQL commands via the cat parameter. The OpenVAS entry corroborates multiple vulnerabilities in the same product, including improper sanitisation of input used ...