Lucene search
+L

5 matches found

CVE
CVE
added 2008/08/05 8:0 p.m.47 views

CVE-2008-3483

CVE-2008-3483 : In ScrewTurn Wiki, vulnerable versions are 2.0.29 and 2.0.30. The issue is a cross-site scripting (XSS) vulnerability exposed via error messages on the "/admin.aspx - System Log" page, allowing remote attackers to inject arbitrary script/HTML. Root cause details are not fully disc...

4.3CVSS5.7AI score0.01507EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2007/08/01 4:17 p.m.19 views

Sql injection

Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the 1 EmailAdd Username and 2 Pass password parameters. NOTE: some of these details are...

10CVSS9.2AI score0.02186EPSS
Exploits1References6
CVE
CVE
added 2007/08/01 4:0 p.m.49 views

CVE-2007-4121

CVE-2007-4121 relates to multiple SQL injection flaws in admin.aspx across three scripts: E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script. The vulnerability allows remote attackers to inject SQL via the EmailAdd (Username) and Pass (password) parameters, po...

10CVSS8.5AI score0.02186EPSS
Exploits1References6Affected Software3
securityvulns
securityvulns
added 2007/07/31 12:0 a.m.43 views

E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL

A R I A - S E C U R I T Y Vendor: http://www.e-commercescripts.com/dotnet/ E-commerceScripts ALL Apps Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script admin.aspx SQL Injection Username: anything' OR 'x'='x password: whatever you want or anything' OR 'x'='x Credits: Aria-Securit...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2007/07/31 12:0 a.m.15 views

ecomscr-sql.txt

A R I A - S E C U R I T Y Vendor: http://www.e-commercescripts.com/dotnet/ E-commerceScripts ALL Apps Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script admin.aspx SQL Injection Username: anything' OR 'x'='x password: whatever you want or anything' OR 'x'='x Credits: Aria-Securit...

7.4AI score
Exploits0
Rows per page
Query Builder