Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities by aspportal

    CVE-2008-6382 (GCVE-0-2008-6382)

    Vulnerability from nvd – Published: 2009-03-02 19:00 – Updated: 2024-08-07 11:27
    VLAI
    Summary
    ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32889 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/50372 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/7316 exploitx_refsource_EXPLOIT-DB
    Date Public
    2008-12-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:27:35.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32889",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32889"
              },
              {
                "name": "50372",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/50372"
              },
              {
                "name": "7316",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/7316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32889",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32889"
            },
            {
              "name": "50372",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/50372"
            },
            {
              "name": "7316",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/7316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6382",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32889",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32889"
                },
                {
                  "name": "50372",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/50372"
                },
                {
                  "name": "7316",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/7316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6382",
        "datePublished": "2009-03-02T19:00:00.000Z",
        "dateReserved": "2009-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:27:35.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-5268 (GCVE-0-2008-5268)

    Vulnerability from nvd – Published: 2008-11-28 18:26 – Updated: 2024-08-07 10:49
    VLAI
    Summary
    SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/4653 third-party-advisoryx_refsource_SREASON
    https://www.exploit-db.com/exploits/5775 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/archive/1/493302/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/29631 vdb-entryx_refsource_BID
    Date Public
    2008-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:49:12.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4653",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4653"
              },
              {
                "name": "5775",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5775"
              },
              {
                "name": "20080612 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493302/100/0/threaded"
              },
              {
                "name": "aspportal-reply-sql-injection(42977)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42977"
              },
              {
                "name": "29631",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29631"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4653",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4653"
            },
            {
              "name": "5775",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5775"
            },
            {
              "name": "20080612 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493302/100/0/threaded"
            },
            {
              "name": "aspportal-reply-sql-injection(42977)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42977"
            },
            {
              "name": "29631",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29631"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5268",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4653",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4653"
                },
                {
                  "name": "5775",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5775"
                },
                {
                  "name": "20080612 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493302/100/0/threaded"
                },
                {
                  "name": "aspportal-reply-sql-injection(42977)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42977"
                },
                {
                  "name": "29631",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29631"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5268",
        "datePublished": "2008-11-28T18:26:00.000Z",
        "dateReserved": "2008-11-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:49:12.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5879 (GCVE-0-2006-5879)

    Vulnerability from nvd – Published: 2006-11-14 19:00 – Updated: 2024-08-07 20:04
    VLAI
    Summary
    SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/2762 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/22845 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/21039 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/4461 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/451384/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:04:55.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2762",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2762"
              },
              {
                "name": "22845",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22845"
              },
              {
                "name": "aspportal-default1-sql-injection(30186)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30186"
              },
              {
                "name": "21039",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21039"
              },
              {
                "name": "ADV-2006-4461",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4461"
              },
              {
                "name": "20061112 ASPPortal \u003c= 4.0.0 (default1.asp) Remote SQL Injection Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/451384/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2762",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2762"
            },
            {
              "name": "22845",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22845"
            },
            {
              "name": "aspportal-default1-sql-injection(30186)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30186"
            },
            {
              "name": "21039",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21039"
            },
            {
              "name": "ADV-2006-4461",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4461"
            },
            {
              "name": "20061112 ASPPortal \u003c= 4.0.0 (default1.asp) Remote SQL Injection Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/451384/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5879",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2762",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2762"
                },
                {
                  "name": "22845",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22845"
                },
                {
                  "name": "aspportal-default1-sql-injection(30186)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30186"
                },
                {
                  "name": "21039",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21039"
                },
                {
                  "name": "ADV-2006-4461",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4461"
                },
                {
                  "name": "20061112 ASPPortal \u003c= 4.0.0 (default1.asp) Remote SQL Injection Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/451384/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5879",
        "datePublished": "2006-11-14T19:00:00.000Z",
        "dateReserved": "2006-11-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:04:55.552Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1353 (GCVE-0-2006-1353)

    Vulnerability from nvd – Published: 2006-03-22 02:00 – Updated: 2024-08-07 17:12
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/24091 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/19286 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/24092 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/24090 vdb-entryx_refsource_OSVDB
    http://www.nukedx.com/?viewdoc=21 x_refsource_MISC
    http://www.osvdb.org/24086 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/608 third-party-advisoryx_refsource_SREASON
    http://www.osvdb.org/24085 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/428355/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/428615/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/24084 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/17174 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/1014 vdb-entryx_refsource_VUPEN
    http://www.osvdb.org/24020 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/24087 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/24088 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/24089 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/1597 exploitx_refsource_EXPLOIT-DB
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    Date Public
    2006-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:12:20.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1431.html"
              },
              {
                "name": "24091",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24091"
              },
              {
                "name": "19286",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19286"
              },
              {
                "name": "24092",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24092"
              },
              {
                "name": "24090",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24090"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nukedx.com/?viewdoc=21"
              },
              {
                "name": "24086",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24086"
              },
              {
                "name": "aspportal-multiple-aspscripts-sql-injection(25346)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25346"
              },
              {
                "name": "608",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/608"
              },
              {
                "name": "24085",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24085"
              },
              {
                "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/428355/100/0/threaded"
              },
              {
                "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/428615/100/0/threaded"
              },
              {
                "name": "24084",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24084"
              },
              {
                "name": "17174",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17174"
              },
              {
                "name": "ADV-2006-1014",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1014"
              },
              {
                "name": "24020",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24020"
              },
              {
                "name": "24087",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24087"
              },
              {
                "name": "24088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24088"
              },
              {
                "name": "24089",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24089"
              },
              {
                "name": "1597",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/1597"
              },
              {
                "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1402.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1431.html"
            },
            {
              "name": "24091",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24091"
            },
            {
              "name": "19286",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19286"
            },
            {
              "name": "24092",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24092"
            },
            {
              "name": "24090",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24090"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nukedx.com/?viewdoc=21"
            },
            {
              "name": "24086",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24086"
            },
            {
              "name": "aspportal-multiple-aspscripts-sql-injection(25346)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25346"
            },
            {
              "name": "608",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/608"
            },
            {
              "name": "24085",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24085"
            },
            {
              "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/428355/100/0/threaded"
            },
            {
              "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/428615/100/0/threaded"
            },
            {
              "name": "24084",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24084"
            },
            {
              "name": "17174",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17174"
            },
            {
              "name": "ADV-2006-1014",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1014"
            },
            {
              "name": "24020",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24020"
            },
            {
              "name": "24087",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24087"
            },
            {
              "name": "24088",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24088"
            },
            {
              "name": "24089",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24089"
            },
            {
              "name": "1597",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/1597"
            },
            {
              "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1402.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1353",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1431.html"
                },
                {
                  "name": "24091",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24091"
                },
                {
                  "name": "19286",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19286"
                },
                {
                  "name": "24092",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24092"
                },
                {
                  "name": "24090",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24090"
                },
                {
                  "name": "http://www.nukedx.com/?viewdoc=21",
                  "refsource": "MISC",
                  "url": "http://www.nukedx.com/?viewdoc=21"
                },
                {
                  "name": "24086",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24086"
                },
                {
                  "name": "aspportal-multiple-aspscripts-sql-injection(25346)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25346"
                },
                {
                  "name": "608",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/608"
                },
                {
                  "name": "24085",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24085"
                },
                {
                  "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/428355/100/0/threaded"
                },
                {
                  "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/428615/100/0/threaded"
                },
                {
                  "name": "24084",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24084"
                },
                {
                  "name": "17174",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17174"
                },
                {
                  "name": "ADV-2006-1014",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1014"
                },
                {
                  "name": "24020",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24020"
                },
                {
                  "name": "24087",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24087"
                },
                {
                  "name": "24088",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24088"
                },
                {
                  "name": "24089",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24089"
                },
                {
                  "name": "1597",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/1597"
                },
                {
                  "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1402.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1353",
        "datePublished": "2006-03-22T02:00:00.000Z",
        "dateReserved": "2006-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:12:20.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1261 (GCVE-0-2006-1261)

    Vulnerability from nvd – Published: 2006-03-19 02:00 – Updated: 2024-08-07 17:03
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/17114 vdb-entryx_refsource_BID
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1015772 vdb-entryx_refsource_SECTRACK
    http://www.aspportal.net/content/news/News_Item.a… x_refsource_CONFIRM
    http://www.osvdb.org/23920 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/19247 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=114243660409338&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:03:28.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17114",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17114"
              },
              {
                "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
              },
              {
                "name": "aspportal-multiple-xss(25235)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25235"
              },
              {
                "name": "1015772",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015772"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
              },
              {
                "name": "23920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/23920"
              },
              {
                "name": "19247",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19247"
              },
              {
                "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "17114",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17114"
            },
            {
              "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
            },
            {
              "name": "aspportal-multiple-xss(25235)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25235"
            },
            {
              "name": "1015772",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015772"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
            },
            {
              "name": "23920",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/23920"
            },
            {
              "name": "19247",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19247"
            },
            {
              "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1261",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17114",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17114"
                },
                {
                  "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
                },
                {
                  "name": "aspportal-multiple-xss(25235)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25235"
                },
                {
                  "name": "1015772",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015772"
                },
                {
                  "name": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32",
                  "refsource": "CONFIRM",
                  "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
                },
                {
                  "name": "23920",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/23920"
                },
                {
                  "name": "19247",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19247"
                },
                {
                  "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1261",
        "datePublished": "2006-03-19T02:00:00.000Z",
        "dateReserved": "2006-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:03:28.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1262 (GCVE-0-2006-1262)

    Vulnerability from nvd – Published: 2006-03-19 02:00 – Updated: 2024-08-07 17:03
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/17114 vdb-entryx_refsource_BID
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/23919 vdb-entryx_refsource_OSVDB
    http://securitytracker.com/id?1015772 vdb-entryx_refsource_SECTRACK
    http://www.aspportal.net/content/news/News_Item.a… x_refsource_CONFIRM
    http://securityreason.com/securityalert/592 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/19247 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=114243660409338&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:03:28.841Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "aspportal-multiple-scripts-sql-injection(25234)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25234"
              },
              {
                "name": "17114",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17114"
              },
              {
                "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
              },
              {
                "name": "23919",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/23919"
              },
              {
                "name": "1015772",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015772"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
              },
              {
                "name": "592",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/592"
              },
              {
                "name": "19247",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19247"
              },
              {
                "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "aspportal-multiple-scripts-sql-injection(25234)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25234"
            },
            {
              "name": "17114",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17114"
            },
            {
              "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
            },
            {
              "name": "23919",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/23919"
            },
            {
              "name": "1015772",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015772"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
            },
            {
              "name": "592",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/592"
            },
            {
              "name": "19247",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19247"
            },
            {
              "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1262",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "aspportal-multiple-scripts-sql-injection(25234)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25234"
                },
                {
                  "name": "17114",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17114"
                },
                {
                  "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
                },
                {
                  "name": "23919",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/23919"
                },
                {
                  "name": "1015772",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015772"
                },
                {
                  "name": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32",
                  "refsource": "CONFIRM",
                  "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
                },
                {
                  "name": "592",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/592"
                },
                {
                  "name": "19247",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19247"
                },
                {
                  "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1262",
        "datePublished": "2006-03-19T02:00:00.000Z",
        "dateReserved": "2006-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:03:28.841Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-6382 (GCVE-0-2008-6382)

    Vulnerability from cvelistv5 – Published: 2009-03-02 19:00 – Updated: 2024-08-07 11:27
    VLAI
    Summary
    ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32889 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/50372 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/7316 exploitx_refsource_EXPLOIT-DB
    Date Public
    2008-12-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:27:35.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32889",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32889"
              },
              {
                "name": "50372",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/50372"
              },
              {
                "name": "7316",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/7316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32889",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32889"
            },
            {
              "name": "50372",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/50372"
            },
            {
              "name": "7316",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/7316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6382",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32889",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32889"
                },
                {
                  "name": "50372",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/50372"
                },
                {
                  "name": "7316",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/7316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6382",
        "datePublished": "2009-03-02T19:00:00.000Z",
        "dateReserved": "2009-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:27:35.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-5268 (GCVE-0-2008-5268)

    Vulnerability from cvelistv5 – Published: 2008-11-28 18:26 – Updated: 2024-08-07 10:49
    VLAI
    Summary
    SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/4653 third-party-advisoryx_refsource_SREASON
    https://www.exploit-db.com/exploits/5775 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/archive/1/493302/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/29631 vdb-entryx_refsource_BID
    Date Public
    2008-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:49:12.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4653",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4653"
              },
              {
                "name": "5775",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5775"
              },
              {
                "name": "20080612 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/493302/100/0/threaded"
              },
              {
                "name": "aspportal-reply-sql-injection(42977)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42977"
              },
              {
                "name": "29631",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29631"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4653",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4653"
            },
            {
              "name": "5775",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5775"
            },
            {
              "name": "20080612 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/493302/100/0/threaded"
            },
            {
              "name": "aspportal-reply-sql-injection(42977)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42977"
            },
            {
              "name": "29631",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29631"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5268",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4653",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4653"
                },
                {
                  "name": "5775",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5775"
                },
                {
                  "name": "20080612 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/493302/100/0/threaded"
                },
                {
                  "name": "aspportal-reply-sql-injection(42977)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42977"
                },
                {
                  "name": "29631",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29631"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5268",
        "datePublished": "2008-11-28T18:26:00.000Z",
        "dateReserved": "2008-11-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:49:12.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5879 (GCVE-0-2006-5879)

    Vulnerability from cvelistv5 – Published: 2006-11-14 19:00 – Updated: 2024-08-07 20:04
    VLAI
    Summary
    SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/2762 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/22845 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/21039 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/4461 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/451384/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:04:55.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2762",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2762"
              },
              {
                "name": "22845",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22845"
              },
              {
                "name": "aspportal-default1-sql-injection(30186)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30186"
              },
              {
                "name": "21039",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21039"
              },
              {
                "name": "ADV-2006-4461",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4461"
              },
              {
                "name": "20061112 ASPPortal \u003c= 4.0.0 (default1.asp) Remote SQL Injection Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/451384/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2762",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2762"
            },
            {
              "name": "22845",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22845"
            },
            {
              "name": "aspportal-default1-sql-injection(30186)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30186"
            },
            {
              "name": "21039",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21039"
            },
            {
              "name": "ADV-2006-4461",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4461"
            },
            {
              "name": "20061112 ASPPortal \u003c= 4.0.0 (default1.asp) Remote SQL Injection Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/451384/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5879",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2762",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2762"
                },
                {
                  "name": "22845",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22845"
                },
                {
                  "name": "aspportal-default1-sql-injection(30186)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30186"
                },
                {
                  "name": "21039",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21039"
                },
                {
                  "name": "ADV-2006-4461",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4461"
                },
                {
                  "name": "20061112 ASPPortal \u003c= 4.0.0 (default1.asp) Remote SQL Injection Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/451384/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5879",
        "datePublished": "2006-11-14T19:00:00.000Z",
        "dateReserved": "2006-11-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:04:55.552Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1353 (GCVE-0-2006-1353)

    Vulnerability from cvelistv5 – Published: 2006-03-22 02:00 – Updated: 2024-08-07 17:12
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/24091 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/19286 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/24092 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/24090 vdb-entryx_refsource_OSVDB
    http://www.nukedx.com/?viewdoc=21 x_refsource_MISC
    http://www.osvdb.org/24086 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/608 third-party-advisoryx_refsource_SREASON
    http://www.osvdb.org/24085 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/428355/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/428615/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/24084 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/17174 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/1014 vdb-entryx_refsource_VUPEN
    http://www.osvdb.org/24020 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/24087 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/24088 vdb-entryx_refsource_OSVDB
    http://www.osvdb.org/24089 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/1597 exploitx_refsource_EXPLOIT-DB
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    Date Public
    2006-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:12:20.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1431.html"
              },
              {
                "name": "24091",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24091"
              },
              {
                "name": "19286",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19286"
              },
              {
                "name": "24092",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24092"
              },
              {
                "name": "24090",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24090"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nukedx.com/?viewdoc=21"
              },
              {
                "name": "24086",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24086"
              },
              {
                "name": "aspportal-multiple-aspscripts-sql-injection(25346)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25346"
              },
              {
                "name": "608",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/608"
              },
              {
                "name": "24085",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24085"
              },
              {
                "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/428355/100/0/threaded"
              },
              {
                "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/428615/100/0/threaded"
              },
              {
                "name": "24084",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24084"
              },
              {
                "name": "17174",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17174"
              },
              {
                "name": "ADV-2006-1014",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1014"
              },
              {
                "name": "24020",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24020"
              },
              {
                "name": "24087",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24087"
              },
              {
                "name": "24088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24088"
              },
              {
                "name": "24089",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24089"
              },
              {
                "name": "1597",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/1597"
              },
              {
                "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1402.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1431.html"
            },
            {
              "name": "24091",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24091"
            },
            {
              "name": "19286",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19286"
            },
            {
              "name": "24092",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24092"
            },
            {
              "name": "24090",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24090"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nukedx.com/?viewdoc=21"
            },
            {
              "name": "24086",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24086"
            },
            {
              "name": "aspportal-multiple-aspscripts-sql-injection(25346)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25346"
            },
            {
              "name": "608",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/608"
            },
            {
              "name": "24085",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24085"
            },
            {
              "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/428355/100/0/threaded"
            },
            {
              "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/428615/100/0/threaded"
            },
            {
              "name": "24084",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24084"
            },
            {
              "name": "17174",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17174"
            },
            {
              "name": "ADV-2006-1014",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1014"
            },
            {
              "name": "24020",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24020"
            },
            {
              "name": "24087",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24087"
            },
            {
              "name": "24088",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24088"
            },
            {
              "name": "24089",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24089"
            },
            {
              "name": "1597",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/1597"
            },
            {
              "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1402.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1353",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1431.html"
                },
                {
                  "name": "24091",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24091"
                },
                {
                  "name": "19286",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19286"
                },
                {
                  "name": "24092",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24092"
                },
                {
                  "name": "24090",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24090"
                },
                {
                  "name": "http://www.nukedx.com/?viewdoc=21",
                  "refsource": "MISC",
                  "url": "http://www.nukedx.com/?viewdoc=21"
                },
                {
                  "name": "24086",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24086"
                },
                {
                  "name": "aspportal-multiple-aspscripts-sql-injection(25346)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25346"
                },
                {
                  "name": "608",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/608"
                },
                {
                  "name": "24085",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24085"
                },
                {
                  "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/428355/100/0/threaded"
                },
                {
                  "name": "20060322 Re: [SPAM:] - ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities - Email has different SMTP TO: and MIME TO: fields in the email addresses",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/428615/100/0/threaded"
                },
                {
                  "name": "24084",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24084"
                },
                {
                  "name": "17174",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17174"
                },
                {
                  "name": "ADV-2006-1014",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1014"
                },
                {
                  "name": "24020",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24020"
                },
                {
                  "name": "24087",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24087"
                },
                {
                  "name": "24088",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24088"
                },
                {
                  "name": "24089",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24089"
                },
                {
                  "name": "1597",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/1597"
                },
                {
                  "name": "20060321 ASPPortal \u003c= 3.1.1 Multiple Remote SQL Injection Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1402.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1353",
        "datePublished": "2006-03-22T02:00:00.000Z",
        "dateReserved": "2006-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:12:20.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1261 (GCVE-0-2006-1261)

    Vulnerability from cvelistv5 – Published: 2006-03-19 02:00 – Updated: 2024-08-07 17:03
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/17114 vdb-entryx_refsource_BID
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1015772 vdb-entryx_refsource_SECTRACK
    http://www.aspportal.net/content/news/News_Item.a… x_refsource_CONFIRM
    http://www.osvdb.org/23920 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/19247 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=114243660409338&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:03:28.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17114",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17114"
              },
              {
                "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
              },
              {
                "name": "aspportal-multiple-xss(25235)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25235"
              },
              {
                "name": "1015772",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015772"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
              },
              {
                "name": "23920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/23920"
              },
              {
                "name": "19247",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19247"
              },
              {
                "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "17114",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17114"
            },
            {
              "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
            },
            {
              "name": "aspportal-multiple-xss(25235)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25235"
            },
            {
              "name": "1015772",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015772"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
            },
            {
              "name": "23920",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/23920"
            },
            {
              "name": "19247",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19247"
            },
            {
              "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1261",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17114",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17114"
                },
                {
                  "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
                },
                {
                  "name": "aspportal-multiple-xss(25235)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25235"
                },
                {
                  "name": "1015772",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015772"
                },
                {
                  "name": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32",
                  "refsource": "CONFIRM",
                  "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
                },
                {
                  "name": "23920",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/23920"
                },
                {
                  "name": "19247",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19247"
                },
                {
                  "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1261",
        "datePublished": "2006-03-19T02:00:00.000Z",
        "dateReserved": "2006-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:03:28.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1262 (GCVE-0-2006-1262)

    Vulnerability from cvelistv5 – Published: 2006-03-19 02:00 – Updated: 2024-08-07 17:03
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/17114 vdb-entryx_refsource_BID
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/23919 vdb-entryx_refsource_OSVDB
    http://securitytracker.com/id?1015772 vdb-entryx_refsource_SECTRACK
    http://www.aspportal.net/content/news/News_Item.a… x_refsource_CONFIRM
    http://securityreason.com/securityalert/592 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/19247 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=114243660409338&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:03:28.841Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "aspportal-multiple-scripts-sql-injection(25234)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25234"
              },
              {
                "name": "17114",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17114"
              },
              {
                "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
              },
              {
                "name": "23919",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/23919"
              },
              {
                "name": "1015772",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015772"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
              },
              {
                "name": "592",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/592"
              },
              {
                "name": "19247",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19247"
              },
              {
                "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "aspportal-multiple-scripts-sql-injection(25234)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25234"
            },
            {
              "name": "17114",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17114"
            },
            {
              "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
            },
            {
              "name": "23919",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/23919"
            },
            {
              "name": "1015772",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015772"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
            },
            {
              "name": "592",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/592"
            },
            {
              "name": "19247",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19247"
            },
            {
              "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1262",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "aspportal-multiple-scripts-sql-injection(25234)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25234"
                },
                {
                  "name": "17114",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17114"
                },
                {
                  "name": "20060314 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1517.html"
                },
                {
                  "name": "23919",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/23919"
                },
                {
                  "name": "1015772",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015772"
                },
                {
                  "name": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32",
                  "refsource": "CONFIRM",
                  "url": "http://www.aspportal.net/content/news/News_Item.asp?content_ID=32"
                },
                {
                  "name": "592",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/592"
                },
                {
                  "name": "19247",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19247"
                },
                {
                  "name": "20060315 CodeScan Advisory: Multiple Vulnerabilities In ASPPortal.net",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=114243660409338\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1262",
        "datePublished": "2006-03-19T02:00:00.000Z",
        "dateReserved": "2006-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:03:28.841Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }