ASP Ublog version 1.6 suffers from a remote database download vulnerability.
cee10f65d05dd0e27836f9408a1ccd68a72e0e6931a165b87de53b742d42ac24
ASP SkyPortal version 1 suffers from a remote database download vulnerability.
e6a5a78ebe52ee5cf1cef83243eb91b4a188ce40fd95bcc9b05e867343426051
ASP PD Portal version 4.0 suffers from a database download vulnerability.
a805c902aac71243acc51fd3db494490c9071f90865d09bd68118243570333f4
ASP Vural Portal version 2.0 suffers from a remote database download vulnerability.
a2702cae870076d51d40a7c9d0279081e00734b59cf71528b6e1d42a9a03abd0
ASP Edepyahu Video suffers from a remote database download vulnerability.
29ef230631a50b7eeb3c7c4a0b558ebaacc9d67fbf4710df94bd59d9d6650672
ASP Zirve Portal suffers from a remote database disclosure vulnerability.
854064e4c416b2e4c40d31fe84a1be5f849accbd65c569e28141f305f3cc9145
ASP Cnr Hiyake Scripti suffers from a remote database download vulnerability.
77f4c5f1a2381570de8dd3628d61b01cc20473a5c12e6e731779146445cc6239
ASP Fot Video Siciripti version 1.1 suffers from a remote database download vulnerability.
4927757e937283c7ca243e62ee2e5b46078828262cf2a4032751d71de293e178
ASP Invision gallery_show.asp suffers from a remote blind SQL injection vulnerability.
48378027c7f88c104facb07bab2a2e049cbeda4787f3ced528ab23a4ca72274a
Asp JGBBS version 3.0beta1 suffers from a remote database disclosure vulnerability.
7319973bc6a7fec0a1d40d04e432865f6bc2063cb34fc3935259fd5103b3c45e
Fully Functional ASP Forum version 1.0 suffers from a database disclosure vulnerability.
cdadd49d2f33dbd2a6e856092cfb024afad8c7c46f05041225273621fb875feb
ASP Makit News/Blog Poster version 3.1 suffers from a remote database disclosure vulnerability.
f8e37f234aede523f8eb8662ef25057c3cc23afa829ca0614715f4223eb768a6
ASP Battle Blog suffers from a remote database disclosure vulnerability.
fc0f6767107f2f2402ceb5c2afe556306b664f129954708e331612e7ac032da3
ASP Simple Blog version 3.0 suffers from a remote shell upload vulnerability.
b76b6b905f4535c692f5efca57d341253413a3c0139cd95b9eadb241a0dae05e
ActiveBuyandSell version 6.2 suffers from a blind SQL injection vulnerability in buyersend.asp.
27892f081153209f7dd1b6589496ff57cb9b71c50a00f7226e441189432325f1
Free ASP GuestBookPro script suffers from a remote database disclosure vulnerability.
a52d9f78328587b6ef4a6b9485b292c7e2d69af08779b7de2ed18d48163f7fa6
Accessible ASP Star Ratings Script version 0.2 suffers from a remote blind SQL injection vulnerability.
2b346ee2a62cd9e8b165e61875c965a305de4dceafda25852c2c95c28f84d0fd
ClickTrackerASP suffers from a remote SQL injection vulnerability in sitedetails.asp.
d2d418a68891c16750e95f7ddb92bfb20159995c37d45fdb8415dc9587b09f1c
Free ASP suffers from a remote shell upload vulnerability.
9bba26c9ce7fe30951060c79b0d86c5e96c82e0a5289088edf6fdf17cd77bf7c
Mandriva Linux Security Advisory 2009-322 - IOActive Inc. found a buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers. Multiple cross-site scripting (XSS) vulnerabilities were discovered in the ASP.net class libraries in Mono 2.0 and earlier. A CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to fix these issues.
ac595de6900cd8c12028c1914747f7f1fc67ec1d0d49ad77f576b6b17b0f2203
Mandriva Linux Security Advisory 2009-268 - Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. This update fixes these vulnerabilities.
0e41155cc42ddb5a5c21302a350227e68f876395d4400da79f4e4a1a818f4720
HotWeb Rentals suffers from a remote blind SQL injection vulnerability in details.asp.
60bf05c4377ddd11c891d84028e8e5051aa507b3e832e32928d625061a346dd7
Whitepaper called ASP and JSP security. Written in Persian.
9f0786137b295e197529b0f6c2c803c2290fb6965060132823b5ad6518989140
Ubuntu Security Notice USN-826-1 - It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. It was discovered that Mono did not properly escape certain attributes in the ASP.net class libraries which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 8.04 LTS. It was discovered that Mono did not properly filter CRLF injections in the query string. If a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, steal confidential data (such as passwords), or perform cross-site request forgeries. This issue only affected Ubuntu 8.04 LTS.
2ad29fa1156368f088ec7fd61ddf354bd88a9b875c072b5a2b54cec8ad4511a1
Online Work Order Suite ASP version 3.10 suffers from cross-site scripting vulnerabilities.
71a625350d91f2c7d3481e46556e63cadd061df00b080e38b79c5929ddfb9719