21 matches found
EUVD-2007-5601
Malware in sbrugna...
EUVD-2007-2796
Malware in sbrugna...
EUVD-2006-6092
Malware in sbrugna...
CandyPress Store 3.5.2 14 openPolicy.asp policy Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
CandyPress Store 3.5.2 14 prodList.asp brand Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
CVE-2007-5629
Cross-site scripting XSS vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2007-5629
CVE-2007-5629 describes a cross-site scripting (XSS) vulnerability in ShoppingTree CandyPress Store 4.1, specifically in admin/logon.asp, where an attacker can inject arbitrary script/HTML via the msg parameter. The entry notes this as a different vector than CVE-2007-2804. The connected document...
CVE-2007-2804
Multiple cross-site scripting XSS vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 brand and 2 Msg parameters...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 brand and 2 Msg parameters...
CVE-2007-2804
Multiple cross-site scripting XSS vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 brand and 2 Msg parameters...
CVE-2007-2804
CVE-2007-2804: Multiple XSS vulnerabilities in CandyPress Store 3.5.2.14 and earlier. Affected component: scripts/prodList.asp. Vulnerable vectors: (1) brand and (2) Msg parameters. Remote attackers can inject arbitrary web script or HTML.
CandyPress™ Store XSS vuln.
Vuln. discovered by : r0t Date: 18 May 2007 vendor:http://www.candypress.com/ affected versions: v3.5.2.14 and prior CandyPress™ Store contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "brand" and "Msg" parameter in "scripts/prodList.asp" isn't properly sanitis...
CVE-2006-6109
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the 1 policy parameter in openPolicy.asp or the 2 brand parameter in prodList.asp...
CVE-2006-6109
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the 1 policy parameter in openPolicy.asp or the 2 brand parameter in prodList.asp...
CVE-2006-6109
CandyPress Store 3.5.2.14 is affected by multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the policy parameter in openPolicy.asp or the brand parameter in prodList.asp. The root cause is unprotected user-supplied input in these endpoints, en...
candypress.txt
vendor site:http://www.candypress.com/ product:CandyPress Store bug:injection sql risk:medium injection sql get : http://site.com/sa3.5.2.14/scripts/openPolicy.asp?policy='sql http://site.com/sa3.5.2.14/scripts/prodList.asp?brand='sql laurent gaffié & benjamin mossé http://s-a-p.ca/ contact:...
CandyPress Store[ multiples injection sql ]
vendor site:http://www.candypress.com/ product:CandyPress Store bug:injection sql risk:medium injection sql get : http://site.com/sa3.5.2.14/scripts/openPolicy.asp?policy='sql http://site.com/sa3.5.2.14/scripts/prodList.asp?brand='sql laurent gaffie & benjamin mosse http://s-a-p.ca/ contact:...
CandyPress Store 3.5.2 14 - openPolicy.asp?policy SQL Injection
CandyPress Store 3.5.2 14 - openPolicy.asp?policy SQL Injection source: https://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this...
CandyPress Store 3.5.2 14 - prodList.asp?brand SQL Injection
CandyPress Store 3.5.2 14 - prodList.asp?brand SQL Injection source: https://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...
CandyPress Store 3.5.2 14 - 'openPolicy.asp?policy' SQL Injection
source: https://www.securityfocus.com/bid/21090/info CandyPress Store is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, acces...