← Back

Fullrevolution

fullrevolution

5 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Aspwebalbum
aspwebalbum
3 CVEs
Aspwebcalendar2008
aspwebcalendar2008
1 CVE
Aspwebcalendar
aspwebcalendar
1 CVE

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2008-6978
1Fullrevolution
1Aspwebalbum
Apr 23, 2026
Aug 19, 2009
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the...Show more
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.Show less
CVE-2008-6977
1Fullrevolution
1Aspwebalbum
Apr 23, 2026
Aug 19, 2009
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
CVE-2009-1223
1Fullrevolution
1Aspwebcalendar
Apr 23, 2026
Apr 2, 2009
N/A· v4
N/A· v3
5.0 MEDIUM· v2
aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for cale...Show more
aspWebCalendar Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for calendar/calendar.mdb.Show less
CVE-2008-2832
1Fullrevolution
1Aspwebcalendar2008
Apr 23, 2026
Jun 24, 2008
N/A· v4
N/A· v3
10.0 HIGH· v2
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, pro...Show more
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.Show less
CVE-2004-1553
1Fullrevolution
1Aspwebalbum
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that...Show more
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.Show less