Search criteria
3 vulnerabilities by full_revolution
CVE-2006-2848 (GCVE-0-2006-2848)
Vulnerability from cvelistv5 – Published: 2006-06-06 20:03 – Updated: 2024-08-07 18:06
VLAI
Summary
links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/435735/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/1859 | exploitx_refsource_EXPLOIT-DB |
Date Public
2006-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435735/100/0/threaded"
},
{
"name": "1859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1859"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435735/100/0/threaded"
},
{
"name": "1859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1859"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435735/100/0/threaded"
},
{
"name": "1859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1859"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2848",
"datePublished": "2006-06-06T20:03:00.000Z",
"dateReserved": "2006-06-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:06:26.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2847 (GCVE-0-2006-2847)
Vulnerability from cvelistv5 – Published: 2006-06-06 20:03 – Updated: 2024-08-07 18:06
VLAI
Summary
SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/435735/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/1859 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/20419 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/2114 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/18235 | vdb-entryx_refsource_BID |
Date Public
2006-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "aspweblinks-links-sql-injection(26937)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26937"
},
{
"name": "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435735/100/0/threaded"
},
{
"name": "1859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1859"
},
{
"name": "20419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20419"
},
{
"name": "ADV-2006-2114",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2114"
},
{
"name": "18235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "aspweblinks-links-sql-injection(26937)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26937"
},
{
"name": "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435735/100/0/threaded"
},
{
"name": "1859",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1859"
},
{
"name": "20419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20419"
},
{
"name": "ADV-2006-2114",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2114"
},
{
"name": "18235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aspweblinks-links-sql-injection(26937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26937"
},
{
"name": "20060602 aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435735/100/0/threaded"
},
{
"name": "1859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1859"
},
{
"name": "20419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20419"
},
{
"name": "ADV-2006-2114",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2114"
},
{
"name": "18235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2847",
"datePublished": "2006-06-06T20:03:00.000Z",
"dateReserved": "2006-06-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:06:26.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1552 (GCVE-0-2004-1552)
Vulnerability from cvelistv5 – Published: 2005-02-20 05:00 – Updated: 2024-08-08 00:53
VLAI
Summary
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/11246 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/bid/23098 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/12651 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/3546 | exploitx_refsource_EXPLOIT-DB |
| http://marc.info/?l=bugtraq&m=109604910025090&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/1093 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/24622 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2004-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:24.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11246",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11246"
},
{
"name": "23098",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23098"
},
{
"name": "12651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12651"
},
{
"name": "3546",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3546"
},
{
"name": "20040923 aspWebCalendar /aspWebAlbum: SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109604910025090\u0026w=2"
},
{
"name": "aspwebcalendar-sql-injection(17506)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17506"
},
{
"name": "ADV-2007-1093",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1093"
},
{
"name": "aspwebcalendar-calendar-sql-injection(33157)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33157"
},
{
"name": "24622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24622"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11246",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11246"
},
{
"name": "23098",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23098"
},
{
"name": "12651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12651"
},
{
"name": "3546",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3546"
},
{
"name": "20040923 aspWebCalendar /aspWebAlbum: SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109604910025090\u0026w=2"
},
{
"name": "aspwebcalendar-sql-injection(17506)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17506"
},
{
"name": "ADV-2007-1093",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1093"
},
{
"name": "aspwebcalendar-calendar-sql-injection(33157)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33157"
},
{
"name": "24622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24622"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11246"
},
{
"name": "23098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23098"
},
{
"name": "12651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12651"
},
{
"name": "3546",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3546"
},
{
"name": "20040923 aspWebCalendar /aspWebAlbum: SQL injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109604910025090\u0026w=2"
},
{
"name": "aspwebcalendar-sql-injection(17506)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17506"
},
{
"name": "ADV-2007-1093",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1093"
},
{
"name": "aspwebcalendar-calendar-sql-injection(33157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33157"
},
{
"name": "24622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24622"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1552",
"datePublished": "2005-02-20T05:00:00.000Z",
"dateReserved": "2005-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:53:24.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}