11 matches found
EUVD-2005-1152
Malware in sbrugna...
ECommPro 3.0 - Admin/Login.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13274/info EcommProV3 is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
EimsCMS V3. 7 a very tasteless of vulnerability-vulnerability warning-the black bar safety net
| EimsCMS V3. 7 0day Default background: admin/login. asp Default database: data/eimscms. mdb Vulnerability file: admin/checklogin. asp --- " Response. Write "" Response. Write "" Response. Write "verify login" Response. Write "" Response. Write "" '-------------------------------------------- Di...
Easy easy to purchase online shopping system EEGshop v1. 2SQL injection vulnerability-vulnerability warning-the black bar safety net
Easy easy to purchase online shopping system EEGshop v1. 2SQL injection vulnerability The problem in the user/shhrinc. asp file, see here the code: if request. QueryString"action"="edit" then id=request. QueryString"id" if id="" then response. End set rs=server. CreateObject"adodb. recordset" rs...
Sql injection
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the 1 uname parameter aka user field or the 2 psw parameter aka passwd field. NOTE: some of these details are obtained from third party information...
CVE-2008-5571
CVE-2008-5571 describes an SQL injection vulnerability in the web app Professional Download Assistant 0.1 , specifically in admin/login.asp . An attacker can pass crafted values in the two fields, uname (user) or psw (passwd), to cause arbitrary SQL execution on the backend database. This can lea...
Sql injection
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the 1 Username and 2 Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-0575
Multiple SQL injection vulnerabilities in the administrative login page admin/login.asp in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the 1 Userid and 2 Password fields...
CVE-2005-3384
SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp...
CVE-2005-3385
The CVE-2005-3385 entry describes a SQL injection vulnerability in Techno Dreams Mailing List script that allows remote attackers to execute arbitrary SQL and bypass authentication via the userid parameter in admin/login.asp. Affected component: the Mailing List script; vulnerability type: SQL in...
CVE-2005-1149
CVE-2005-1149 is a SQL injection flaw in aspclick.it ACNews 1.0, affecting admin/login.asp where the (1) username and (2) password parameters are unsafely handled. The Red Hat advisory echoes the same description, indicating remote attackers could execute arbitrary SQL commands. The available doc...