Aggregates CVE and security vulnerability intelligence across all aspindir-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk cross-site scripting, with potential vendor impact data exposure and vendor impact session compromise across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2010-4856 | SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter. | [email protected] | 7.5 | 0.29% | 2011-10-05 | 2026-04-29 |
| CVE-2010-4855 | SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter. | [email protected] | 7.5 | 1.02% | 2011-10-05 | 2026-04-29 |
| CVE-2010-4145 | Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. | [email protected] | 5.0 | 5.23% | 2010-11-02 | 2026-04-29 |
| CVE-2010-4144 | SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter. | [email protected] | 7.5 | 0.89% | 2010-11-02 | 2026-04-29 |
| CVE-2010-1736 | KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. | [email protected] | 5.0 | 0.29% | 2010-05-06 | 2026-04-29 |
| CVE-2009-4820 | Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb. | [email protected] | 5.0 | 5.02% | 2010-04-27 | 2026-04-29 |
| CVE-2010-1116 | LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb. | [email protected] | 5.0 | 0.29% | 2010-03-25 | 2026-04-29 |
| CVE-2010-1064 | Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb. | [email protected] | 5.0 | 5.23% | 2010-03-23 | 2026-04-29 |
| CVE-2009-4585 | UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb. | [email protected] | 5.0 | 5.49% | 2010-01-06 | 2026-04-23 |
| CVE-2008-6641 | Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp. | [email protected] | 6.5 | 0.35% | 2009-04-07 | 2026-04-23 |
| CVE-2008-6640 | Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 7.5 | 0.41% | 2009-04-07 | 2026-04-23 |
| CVE-2009-0447 | Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information. | [email protected] | 7.5 | 0.48% | 2009-02-10 | 2026-04-23 |
| CVE-2008-5707 | SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter. | [email protected] | 7.5 | 0.37% | 2008-12-24 | 2026-04-23 |
| CVE-2008-5057 | SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 7.5 | 0.47% | 2008-11-13 | 2026-04-23 |
| CVE-2008-4574 | SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | [email protected] | 7.5 | 0.42% | 2008-10-15 | 2026-04-23 |
| CVE-2008-4573 | SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter. | [email protected] | 7.5 | 0.51% | 2008-10-15 | 2026-04-23 |
| CVE-2008-3888 | SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action. | [email protected] | 7.5 | 0.50% | 2008-09-02 | 2026-04-23 |
| CVE-2008-3495 | SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter. | [email protected] | 7.5 | 0.39% | 2008-08-06 | 2026-04-23 |
| CVE-2008-2882 | upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request. | [email protected] | 7.5 | 5.16% | 2008-06-26 | 2026-04-23 |
| CVE-2008-2873 | sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb. | [email protected] | 5.0 | 5.90% | 2008-06-26 | 2026-04-23 |