27 matches found
EUVD-2009-4198
Malware in sbrugna...
EUVD-2009-0433
Malware in sbrugna...
EUVD-2009-0434
Malware in sbrugna...
EUVD-2008-5614
Malware in sbrugna...
CVE-2009-4229
Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp. NOTE: this might overlap CVE-2009-0429.3. NOTE: the provenance of...
CVE-2009-4229
CVE-2009-4229 involves multiple SQL injection vulnerabilities in ActiveBids (ActiveWebSoftwares). The affected component is the Active Bids web application, with vulnerabilities exploitable through (1) the catid parameter in the PATH_INFO to the default URI and (2) the catid parameter to default....
SQL injection
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp...
CVE-2009-0429
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php...
CVE-2009-0430
Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp...
CVE-2009-0429
CVE-2009-0429 covers multiple SQL injection vulnerabilities in Active Bids by ActiveWebSoftwares. The issues permit remote execution of arbitrary SQL through user-supplied input in three vectors: (1) the search parameter to search.asp, (2) the SortDir parameter to auctionsended.asp, and (3) the c...
CVE-2009-0430
Active Bids is affected by CVE-2009-0430 through multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary script/HTML via the (1) search parameter to search.asp and (2) the URL parameter to tellafriend.asp. NVD lists a CVSS v2 base score of 4.3 (M...
Active Bids XSS / SQL Injection
--------------------------------------------------------- Portal Name: Active Bids Vendor : http://www.activewebsoftwares.com/P84ActiveBids.aspx?Tabopen=1 Author : PouyaServer , [email protected] Aria-Security.Net Vulnerability : SQL/XSS...
Active Bids
--------------------------------------------------------- Portal Name: Active Bids Vendor : http://www.activewebsoftwares.com/P84ActiveBids.aspx?Tabopen=1 Author : PouyaServer , [email protected] Aria-Security.Net Vulnerability : SQL/XSS...
Active Bids - 'search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/33306/info Active Auction House and Active Auction Pro are prone to SQL-injection and cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based...
CVE-2008-5640
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter...
SQL injection
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter...