5 matches found
CVE-2004-2173
SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter...
CVE-2004-2173 affects EarlyImpact ProductCart (advSearch_h.asp) where the priceUntil parameter enables SQL injection, allowing remote execution of arbitrary SQL commands. Root cause: unsafely concatenated input in the SQL query. Impact per sources: partial confidentiality, integrity, and availabi...
CVE-2005-0994
Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworldbutterflyjournal.asp. NOTE: it is possible that item (2) is the result ...
CVE-2005-0995
CVE-2005-0995 indicates multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7. Attackers can inject arbitrary script or HTML via four parameters: (1) keyword to advSearch_h.asp, (2) redirectUrl to NewCust.asp, (3) country to storelocator_submit.asp, and (4) error to techErr.asp. ...