dotnetindex 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk sql injection and vendor risk cross-site scripting に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact data exposure and vendor impact session compromise などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2008-5596 | Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb. | [email protected] | 5.0 | 2.59% | 2008-12-16 | 2026-06-16 |
| CVE-2008-5572 | Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb. | [email protected] | 5.0 | 7.39% | 2008-12-15 | 2026-06-16 |
| CVE-2008-5571 | SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information. | [email protected] | 7.5 | 2.37% | 2008-12-15 | 2026-06-16 |
| CVE-2006-6096 | Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter. | [email protected] | 4.3 | 1.85% | 2006-11-24 | 2026-06-16 |
| CVE-2006-6095 | Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094. | [email protected] | 7.5 | 1.37% | 2006-11-24 | 2026-06-16 |
| CVE-2006-6094 | Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp. | [email protected] | 7.5 | 3.59% | 2006-11-24 | 2026-06-16 |
| CVE-2005-1780 | SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password. | [email protected] | 7.5 | 1.32% | 2005-05-31 | 2026-06-16 |