CVE-2008-3483

CVE-2008-3483 : In ScrewTurn Wiki, vulnerable versions are 2.0.29 and 2.0.30. The issue is a cross-site scripting (XSS) vulnerability exposed via error messages on the "/admin.aspx - System Log" page, allowing remote attackers to inject arbitrary script/HTML. Root cause details are not fully disc...

Sql injection

Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the 1 EmailAdd Username and 2 Pass password parameters. NOTE: some of these details are...

CVE-2007-4121

CVE-2007-4121 relates to multiple SQL injection flaws in admin.aspx across three scripts: E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script. The vulnerability allows remote attackers to inject SQL via the EmailAdd (Username) and Pass (password) parameters, po...

ecomscr-sql.txt

A R I A - S E C U R I T Y Vendor: http://www.e-commercescripts.com/dotnet/ E-commerceScripts ALL Apps Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script admin.aspx SQL Injection Username: anything' OR 'x'='x password: whatever you want or anything' OR 'x'='x Credits: Aria-Securit...

E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL

A R I A - S E C U R I T Y Vendor: http://www.e-commercescripts.com/dotnet/ E-commerceScripts ALL Apps Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script admin.aspx SQL Injection Username: anything' OR 'x'='x password: whatever you want or anything' OR 'x'='x Credits: Aria-Securit...