FullrevolutionCVEs & Vulnerabilities

5 CVEs affecting Fullrevolution products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

aspwebalbum 3aspwebcalendar 1aspwebcalendar2008 1
CVE-2008-6978MEDIUMpoc

Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.

19 Aug 2009
6.8
CVSS
CVE-2008-6977MEDIUMpoc

Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.

19 Aug 2009
4.3
CVSS
CVE-2009-1223MEDIUM

aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb.

2 Apr 2009
5.0
CVSS
CVE-2008-2832CRITICALpoc

Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.

24 Jun 2008
10.0
CVSS
CVE-2004-1553HIGHpoc

SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.

31 Dec 2004
7.5
CVSS
← PrevPage 1 / 1Next →