Lucene search
+L

21 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2007-5601

Malware in sbrugna...

4.3CVSS6.4AI score0.0127EPSS
Exploits1References7
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-2796

Malware in sbrugna...

4.3CVSS6.3AI score0.01223EPSS
Exploits0References7
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-6092

Malware in sbrugna...

7.5CVSS6.4AI score0.01424EPSS
Exploits1References7
seebug
seebug
added 2014/07/01 12:0 a.m.15 views

CandyPress Store 3.5.2 14 openPolicy.asp policy Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.17 views

CandyPress Store 3.5.2 14 prodList.asp brand Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

7.1AI score
Exploits0
cvelist
cvelist
added 2007/10/23 4:0 p.m.15 views

CVE-2007-5629

Cross-site scripting XSS vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. NOTE: the provenance of this information is unknown; the details are obtained...

5.4AI score0.0127EPSS
Exploits1References6
cve
cve
added 2007/10/23 4:0 p.m.35 views

CVE-2007-5629

CVE-2007-5629 describes a cross-site scripting (XSS) vulnerability in ShoppingTree CandyPress Store 4.1, specifically in admin/logon.asp, where an attacker can inject arbitrary script/HTML via the msg parameter. The entry notes this as a different vector than CVE-2007-2804. The connected document...

4.3CVSS5.5AI score0.0127EPSS
Exploits1References6Affected Software1
nvd
nvd
added 2007/05/22 7:30 p.m.13 views

CVE-2007-2804

Multiple cross-site scripting XSS vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 brand and 2 Msg parameters...

4.3CVSS5.7AI score0.01223EPSS
Exploits0References6
prion
prion
added 2007/05/22 7:30 p.m.11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 brand and 2 Msg parameters...

4.3CVSS5.9AI score0.01223EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2007/05/22 7:0 p.m.12 views

CVE-2007-2804

Multiple cross-site scripting XSS vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 brand and 2 Msg parameters...

5.7AI score0.01223EPSS
Exploits0References6
cve
cve
added 2007/05/22 7:0 p.m.59 views

CVE-2007-2804

CVE-2007-2804: Multiple XSS vulnerabilities in CandyPress Store 3.5.2.14 and earlier. Affected component: scripts/prodList.asp. Vulnerable vectors: (1) brand and (2) Msg parameters. Remote attackers can inject arbitrary web script or HTML.

4.3CVSS5.8AI score0.01223EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2007/05/19 12:0 a.m.66 views

CandyPress™ Store XSS vuln.

Vuln. discovered by : r0t Date: 18 May 2007 vendor:http://www.candypress.com/ affected versions: v3.5.2.14 and prior CandyPress™ Store contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "brand" and "Msg" parameter in "scripts/prodList.asp" isn't properly sanitis...

0.7AI score
Exploits0
nvd
nvd
added 2006/11/26 10:7 p.m.15 views

CVE-2006-6109

Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the 1 policy parameter in openPolicy.asp or the 2 brand parameter in prodList.asp...

7.5CVSS8.5AI score0.01424EPSS
Exploits1References6
cvelist
cvelist
added 2006/11/26 10:0 p.m.21 views

CVE-2006-6109

Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the 1 policy parameter in openPolicy.asp or the 2 brand parameter in prodList.asp...

8.5AI score0.01424EPSS
Exploits1References6
cve
cve
added 2006/11/26 10:0 p.m.37 views

CVE-2006-6109

CandyPress Store 3.5.2.14 is affected by multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the policy parameter in openPolicy.asp or the brand parameter in prodList.asp. The root cause is unprotected user-supplied input in these endpoints, en...

7.5CVSS8.9AI score0.01424EPSS
Exploits1References6Affected Software1
packetstorm
packetstorm
added 2006/11/17 12:0 a.m.28 views

candypress.txt

vendor site:http://www.candypress.com/ product:CandyPress Store bug:injection sql risk:medium injection sql get : http://site.com/sa3.5.2.14/scripts/openPolicy.asp?policy='sql http://site.com/sa3.5.2.14/scripts/prodList.asp?brand='sql laurent gaffié & benjamin mossé http://s-a-p.ca/ contact:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/11/17 12:0 a.m.31 views

CandyPress Store[ multiples injection sql ]

vendor site:http://www.candypress.com/ product:CandyPress Store bug:injection sql risk:medium injection sql get : http://site.com/sa3.5.2.14/scripts/openPolicy.asp?policy='sql http://site.com/sa3.5.2.14/scripts/prodList.asp?brand='sql laurent gaffie & benjamin mosse http://s-a-p.ca/ contact:...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2006/11/15 12:0 a.m.12 views

CandyPress Store 3.5.2 14 - openPolicy.asp?policy SQL Injection

CandyPress Store 3.5.2 14 - openPolicy.asp?policy SQL Injection source: https://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this...

0.6AI score
Exploits0
exploitpack
exploitpack
added 2006/11/15 12:0 a.m.18 views

CandyPress Store 3.5.2 14 - prodList.asp?brand SQL Injection

CandyPress Store 3.5.2 14 - prodList.asp?brand SQL Injection source: https://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...

0.2AI score
Exploits0
exploitdb
exploitdb
added 2006/11/15 12:0 a.m.26 views

CandyPress Store 3.5.2 14 - 'openPolicy.asp?policy' SQL Injection

source: https://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, acces...

7.4AI score
Exploits0
Rows per page
Query Builder