Bl@Ckbe@Rd

**Name of the Vulnerable Software and Affected Versions** ASP Inline Corporate Calendar (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `keyword` parameter in the "search.asp" page. **Recommendations** For ASP Inline Corporate Calendar, avoid using the `keyword` parameter in the search.asp page until the issue is resolved. As a temporary workaround, consider restricting access to the search.asp page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ASP Inline Corporate Calendar (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `order` parameter in the active appointments.asp file. This can lead to unauthorized access and manipulation of database content. **Recommendations** For ASP Inline Corporate Calendar, consider restricting access to the active appointments.asp file until a patch is available. As a temporary workaround, avoid using the `order` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GO4I.NET ASP Forum version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `iFor` parameter in the "forum.asp" file. **Recommendations** For GO4I.NET ASP Forum version 1.0, consider restricting access to the `iFor` parameter in the "forum.asp" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: QuadComm Q-Shop versions 3.0 and possibly earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `UserID` and `Pwd` parameters in the "users.asp" file. Recommendations: For QuadComm Q-Shop versions 3.0 and possibly earlier, consider restricting access to the `users.asp` file until a patch is available. As a temporary workaround, avoid using the `UserID` and `Pwd` parameters in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: QuadComm Q-Shop versions 3.0 and earlier Description: A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `srkeys` parameter in the "search.asp" page. Recommendations: For QuadComm Q-Shop versions 3.0 and earlier, consider restricting access to the `search.asp` page or avoid using the `srkeys` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Todd Woolums ASP News Management version 2.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `newsID` parameter in the "viewnews.asp" file. **Recommendations** For Todd Woolums ASP News Management version 2.2, consider restricting access to the `viewnews.asp` file until a patch is available, and avoid using the `newsID` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** W1L3D4 Philboard versions 1.2 through 1.14 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `searchterms` parameter in the "search.asp" page. **Recommendations** For versions 1.2 through 1.14, update the search.asp page to properly sanitize the `searchterms` parameter to prevent XSS attacks. As a temporary workaround, consider restricting access to the search.asp page until a patch is available.

SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.

Name of the Vulnerable Software and Affected Versions: WebBlizzard CMS (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands via the `page` parameter in the "index.php" file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DUcalendar version 1.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `iEve` parameter in the detail.asp file. **Recommendations** For version 1.0, avoid using the `iEve` parameter in the detail.asp file until a fix is available. As a temporary workaround, consider restricting access to the detail.asp file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AS Pilot Cart version 7.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `article` parameter in a 'kb' action within the pilot.asp file. **Recommendations** For ASPilot Pilot Cart version 7.3, consider restricting access to the vulnerable pilot.asp file until a patch is available. As a temporary workaround, avoid using the `article` parameter in the affected 'kb' action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Battle Blog versions 1.25 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `entry` parameter in the comment.asp file. **Recommendations** For Battle Blog versions 1.25 and earlier, update to a version later than 1.25 to resolve the issue. As a temporary workaround, consider restricting access to the comment.asp file to minimize the risk of exploitation. Avoid using the `entry` parameter in the comment.asp file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Systementor PostcardMentor (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat fldAuto` parameter in the "step1.asp" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.