3 matches found
aeNovo /incs/searchdisplay.asp strSQL Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15036/info Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...
CVE-2005-3208
Multiple SQL injection vulnerabilities in 1 aeNovo, 2 aeNovoShop and 3 aeNovoWYSI allow remote attackers to execute arbitrary SQL code via a the password parameter in control.asp, and b the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages...
CVE-2005-3208
Multiple SQL injection vulnerabilities in 1 aeNovo, 2 aeNovoShop and 3 aeNovoWYSI allow remote attackers to execute arbitrary SQL code via a the password parameter in control.asp, and b the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages...