CVE-2012-4061
https://notcve.org/view.php?id=CVE-2012-4061
Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp.
• http://packetstormsecurity.org/files/112257/ASP-DEv-XM-Diary-SQL-Injection.html https://exchange.xforce.ibmcloud.com/vulnerabilities/75262
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-4060 – XM Forum - 'id' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2012-4060
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
• https://www.exploit-db.com/exploits/37119 http://packetstormsecurity.org/files/112259/ASP-DEv-XM-Forums-SQL-Injection.html http://www.securityfocus.com/bid/53292 https://exchange.xforce.ibmcloud.com/vulnerabilities/75261
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-5924
https://notcve.org/view.php?id=CVE-2008-5924
SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• http://secunia.com/advisories/33152 http://www.securityfocus.com/bid/33499
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-5925
https://notcve.org/view.php?id=CVE-2008-5925
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb.
• http://packetstormsecurity.org/0812-exploits/aspdevxmdiary-sqldisclose.txt
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-5923 – ASP-DEV XM Events Diary - 'cat' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5923
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter.
• https://www.exploit-db.com/exploits/32658 http://packetstormsecurity.org/0812-exploits/aspdevxmdiary-sqldisclose.txt http://secunia.com/advisories/33152 http://www.securityfocus.com/bid/32809
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')