30 matches found
EUVD-2005-1032
Malware in sbrugna...
EUVD-2005-1033
Malware in sbrugna...
EUVD-2009-4404
Malware in sbrugna...
Active Auction House Sendpassword.ASP Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/13038/info Active Auction House is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
Active Auction House start.asp ReturnURL Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13036/info Active Auction House is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
Active Auction House ItemInfo.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13034/info Active Auction House is reportedly affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in a SQL query. Successfu...
Active Auction House 3.6 - Blind SQL Injection Vulnerability
No description provided by source. ? ?????????????????????????In The Name Of Allah The Mercifull?????????????????????? ? Tybe: wishlist.asp catid Blind SQL Injection Vulnerability Vendor: www.activewebsoftwares.com Software: Active Auction House v 3.6 author: R3d-D3v!L Date: 17.dec.2009 T!ME: 10:...
Active Bids search.asp search Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/33306/info Active Auction House and Active Auction Pro are prone to SQL-injection and cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied data. Exploiting these issues could allow...
Sql injection
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the 1 catid parameter to wishlist.asp and the 2 linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1...
CVE-2009-4437
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the 1 catid parameter to wishlist.asp and the 2 linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1...
CVE-2009-4437
CVE-2009-4437 affects Active Auction House 3.6. It has multiple SQL injection vulnerabilities allowing remote attackers to execute arbitrary SQL via the catid parameter to wishlist.asp and the linkid parameter to links.asp (vector 1 may overlap CVE-2005-1029). The description notes the issue is i...
Active Auction House 3.6 Blind SQL Injection
? ?????????????????????????In The Name Of Allah The Mercifull?????????????????????? ? Tybe: wishlist.asp catid Blind SQL Injection Vulnerability Vendor: www.activewebsoftwares.com Software: Active Auction House v 3.6 author: R3d-D3v!L Date: 17.dec.2009 T!ME: 10:06 pm ? Home: WwW.xP10.ME ? contact...
Active Auction House 3.6 - Blind SQL Injection
? ?????????????????????????In The Name Of Allah The Mercifull?????????????????????? ? Tybe: wishlist.asp catid Blind SQL Injection Vulnerability Vendor: www.activewebsoftwares.com Software: Active Auction House v 3.6 author: R3d-D3v!L Date: 17.dec.2009 T!ME: 10:06 pm ? Home: WwW.xP10.ME ? contact...
Active Auction House v 3.6 Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================ Active Auction House v 3.6 Blind SQL Injection Vulnerability ============================================================ ? ?????????????????????????In The Name Of Allah The...
Active Auction House v 3.6 Blind SQL Injection Vulnerability
No description provided by source. ? ?????????????????????????In The Name Of Allah The Mercifull?????????????????????? ? Tybe: wishlist.asp catid Blind SQL Injection Vulnerability Vendor: www.activewebsoftwares.com Software: Active Auction House v 3.6 author: R3d-D3v!L Date: 17.dec.2009 T!ME: 10:...
Active Auction House 3.6 - Blind SQL Injection
Active Auction House 3.6 - Blind SQL Injection ? ?????????????????????????In The Name Of Allah The Mercifull?????????????????????? ? Tybe: wishlist.asp catid Blind SQL Injection Vulnerability Vendor: www.activewebsoftwares.com Software: Active Auction House v 3.6 author: R3d-D3v!L Date: 17.dec.20...
Active Auction House Cross Site Scripting
--------------------------------------------------------- Portal Name: Active Auction House Vendor : http://www.activewebsoftwares.com/P24ActiveAuctionHouse.aspx?Tabopen=1 Author : PouyaServer , [email protected] Aria-Security.Net Vulnerability : CM...
Active Bids - 'search' SQL Injection
source: https://www.securityfocus.com/bid/33306/info Active Auction House and Active Auction Pro are prone to SQL-injection and cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based...
CVE-2005-1029
CVE-2005-1029 : Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the ASP scripts and parameters: (1) default.asp with catid, SortDir, Sortby; (2) ItemInfo.asp with itemID; (3) sendpassword.asp with Email. Root cause: impro...
CVE-2005-1030
Multiple cross-site scripting XSS vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the 1 ReturnURL, 2 password, 3 username parameter, 4 ReturnURL parameter to account.asp, 5 Table, 6 Title parameter to sendpassword.asp, or 7 itemid to...