34 matches found
EUVD-2008-3126
Malware in sbrugna...
EUVD-2007-0060
Malware in sbrugna...
AShop Deluxe 4.5 ashop/search.php searchstring Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage these issues ...
AShop Deluxe 4.5 admin/editcatalogue.php cat Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage these issues ...
AShop Deluxe 4.5 ashop/basket.php cat Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage these issues ...
AShop Deluxe 4.5 ashop/catalogue.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage these issues ...
AShop Deluxe 4.5 shipping.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage these issues ...
AShop Deluxe 4.5 admin/salesadmin.php resultpage Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage these issues ...
Sql injection
SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2008-3136
SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2008-3136
SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter...
CVE-2008-3136
The CVE-2008-3136 entry concerns a SQL injection in AShop Deluxe 4.x. Affected software: AShop Deluxe (version family 4.x). Vulnerable component: catalogue.php, with exploitation via the cat parameter. Root cause: unsanitized input leading to arbitrary SQL execution. Impact: partial confidentiali...
AShop Deluxe "cat" SQL注入漏洞
BUGTRAQ ID: CNCAN ID:CNCAN-2008070301 AShop Deluxe是一款基于PHP的WEB应用程序。 AShop Deluxe不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,可能获得敏感信息或操作数据库。 问题由于脚本对用户提交给'cat'参数缺少过滤,构建恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 AShop Deluxe 4.x 升级到AShop Deluxe 4.8.5: http://www.ashopsoftware.com/ http://www.sebug.net/exploit/39...
ashop-sql.txt
usr/bin/perl use LWP::UserAgent; use HTTP::Cookies; use Getopt::Long; use URI::Escape; -------------------------------------------------------------------------------------------------------------------------------------------------------- x AShop Deluxe 4.x Remote SQL inJection Exploit x Ditemuk...
AShop Deluxe 4.x (catalogue.php cat) Remote SQL Injection Exploit
No description provided by source. usr/bin/perl use LWP::UserAgent; use HTTP::Cookies; use Getopt::Long; use URI::Escape; -------------------------------------------------------------------------------------------------------------------------------------------------------- x AShop Deluxe 4.x...
AShop Deluxe 4.x - catalogue.php SQL Injection
AShop Deluxe 4.x - catalogue.php SQL Injection usr/bin/perl use LWP::UserAgent; use HTTP::Cookies; use Getopt::Long; use URI::Escape; -------------------------------------------------------------------------------------------------------------------------------------------------------- x AShop...
AShop Deluxe 4.x - 'catalogue.php' SQL Injection
usr/bin/perl use LWP::UserAgent; use HTTP::Cookies; use Getopt::Long; use URI::Escape; -------------------------------------------------------------------------------------------------------------------------------------------------------- x AShop Deluxe 4.x Remote SQL inJection Exploit x Ditemuk...
AShop Deluxe 4.x (catalogue.php cat) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================================= AShop Deluxe 4.x catalogue.php cat Remote SQL Injection Exploit ================================================================= usr/bin/perl use LWP::UserAgent; use...
CVE-2007-0056
Multiple cross-site scripting XSS vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the 1 cat parameter to a ashop/catalogue.php and b ashop/basket.php, the 2 exp parameter to ashop/catalogue.php, the 3 searchstrin...
CVE-2007-0056
Multiple cross-site scripting XSS vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the 1 cat parameter to a ashop/catalogue.php and b ashop/basket.php, the 2 exp parameter to ashop/catalogue.php, the 3 searchstrin...