SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
http://www.securityfocus.com/bid/24992
http://www.securityfocus.com/archive/1/474321/100/0/threaded
http://www.securityfocus.com/archive/1/451364/100/100/threaded