27 matches found
EUVD-2009-4198
Malware in sbrugna...
EUVD-2009-0433
Malware in sbrugna...
EUVD-2009-0434
Malware in sbrugna...
EUVD-2008-5614
Malware in sbrugna...
CVE-2009-4229
Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp. NOTE: this might overlap CVE-2009-0429.3. NOTE: the provenance of...
CVE-2009-4229
CVE-2009-4229 involves multiple SQL injection vulnerabilities in ActiveBids (ActiveWebSoftwares). The affected component is the Active Bids web application, with vulnerabilities exploitable through (1) the catid parameter in the PATH_INFO to the default URI and (2) the catid parameter to default....
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp...
SQL injection
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php...
CVE-2009-0430
Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp...
CVE-2009-0429
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php...
CVE-2009-0429
CVE-2009-0429 covers multiple SQL injection vulnerabilities in Active Bids by ActiveWebSoftwares. The issues permit remote execution of arbitrary SQL through user-supplied input in three vectors: (1) the search parameter to search.asp, (2) the SortDir parameter to auctionsended.asp, and (3) the c...
CVE-2009-0430
Active Bids is affected by CVE-2009-0430 through multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary script/HTML via the (1) search parameter to search.asp and (2) the URL parameter to tellafriend.asp. NVD lists a CVSS v2 base score of 4.3 (M...
Active Bids
--------------------------------------------------------- Portal Name: Active Bids Vendor : http://www.activewebsoftwares.com/P84ActiveBids.aspx?Tabopen=1 Author : PouyaServer , [email protected] Aria-Security.Net Vulnerability : SQL/XSS...
Active Bids XSS / SQL Injection
--------------------------------------------------------- Portal Name: Active Bids Vendor : http://www.activewebsoftwares.com/P84ActiveBids.aspx?Tabopen=1 Author : PouyaServer , [email protected] Aria-Security.Net Vulnerability : SQL/XSS...
Active Bids - 'search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/33306/info Active Auction House and Active Auction Pro are prone to SQL-injection and cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based...
SQL injection
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter...
CVE-2008-5640
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter...