Aspportal : Security Vulnerabilities, CVEs, Published In 2006

CVE-2006-5879

SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
Max CVSS
7.5
EPSS Score
0.67%
Published
2006-11-14
Updated
2018-10-17

CVE-2006-1353

Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
Max CVSS
7.5
EPSS Score
0.98%
Published
2006-03-22
Updated
2018-10-18

CVE-2006-1262

Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.73%
Published
2006-03-19
Updated
2017-07-20

CVE-2006-1261

Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
Max CVSS
4.3
EPSS Score
0.43%
Published
2006-03-19
Updated
2017-07-20
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close