Aspapps: Security Vulnerabilities
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2009-01-23
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.
CVSS Score
5.0
EPSS Score
0.045
Published
2009-01-23
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2008-12-16
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
CVSS Score
5.0
EPSS Score
0.059
Published
2008-12-16
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
CVSS Score
7.5
EPSS Score
0.003
Published
2008-12-16
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
CVSS Score
5.0
EPSS Score
0.075
Published
2008-12-16
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
CVSS Score
5.0
EPSS Score
0.023
Published
2008-12-15