9 matches found
EUVD-2006-1029
Malware in sbrugna...
EUVD-2006-1028
Malware in sbrugna...
Sql injection
SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1024
SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1025
Cross-site scripting XSS vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1024
CVE-2006-1024 affects Addsoft StoreBot 2005 Professional via SQL injection in MgrLogin.asp, exploitable through the Pwd parameter to execute arbitrary SQL commands remotely. The description notes third-party provenance; no explicit exploit details or patch/remediation are provided in the document...
CVE-2006-1025
The provided sources describe CVE-2006-1025 as a cross-site scripting (XSS) vulnerability in Addsoft StoreBot 2002 Standard, affecting the manage.asp page. The issue is exploitable by remote attackers who can inject arbitrary script/HTML via the ShipMethod parameter. Affected software/component: ...
CVE-2006-1024
SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...