Lucene search

[email protected]CVE-2005-1029

HistoryApr 09, 2005 - 4:00 a.m.

CVE-2005-1029

2005-04-0904:00:00

[email protected]

web.nvd.nist.gov

sql injection

remote attackers

active auction house

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.1%

JSON

Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.

Affected configurations

NVD

Node

active_web_softwaresactive_auction_houseMatch7.1pro

CPENameOperatorVersion
active_web_softwares:active_auction_houseactive web softwares active auction houseeq7.1

CPE	Name	Operator	Version
active_web_softwares:active_auction_house	active web softwares active auction house	eq	7.1

References

digitalparadox.org/advisories/aass.txt

marc.info/?l=bugtraq&m=111280834000432&w=2

secunia.com/advisories/14839

www.osvdb.org/15281

www.osvdb.org/15282

www.osvdb.org/15283

www.securityfocus.com/bid/13032

www.securityfocus.com/bid/13034

www.securityfocus.com/bid/13035

www.securitytracker.com/alerts/2005/Apr/1013649.html

exchange.xforce.ibmcloud.com/vulnerabilities/19977

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for CVE-2005-1029

cvelist2 nvd2 nessus1 prion1 cve1