aeNovo /incs/searchdisplay.asp strSQL Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15036/info Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...

CVE-2005-3208

Multiple SQL injection vulnerabilities in 1 aeNovo, 2 aeNovoShop and 3 aeNovoWYSI allow remote attackers to execute arbitrary SQL code via a the password parameter in control.asp, and b the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages...

CVE-2005-3208

Multiple SQL injection vulnerabilities in 1 aeNovo, 2 aeNovoShop and 3 aeNovoWYSI allow remote attackers to execute arbitrary SQL code via a the password parameter in control.asp, and b the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages...

CVE-2005-3208

CVE-2005-3208 involves multiple SQL injection vulnerabilities in the products named aeNovo, aeNovoShop, and aeNovoWYSI. The flaws allow remote attackers to execute arbitrary SQL code via the password parameter in control.asp and the strSQL parameter in search.asp, with potential for XSS in result...