2420 matches found
Design/Logic Flaw
RakhiSoftware Price Comparison Script aka Shopping Cart allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message...
CVE-2008-6277
SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script aka Shopping Cart allows remote attackers to execute arbitrary SQL commands via the subcategoryid parameter...
CVE-2008-6279
Vulnerability: RakhiSoftware Price Comparison Script (Shopping Cart) exposes installation path in error messages via an invalid PHPSESSID cookie, enabling remote disclosure of sensitive information. Affected: RakhiSoftware Price Comparison Script; root cause: PHPSESSID handling leads to error det...
CVE-2008-6278
The CVE-2008-6278 entry concerns RakhiSoftware Price Comparison Script (aka Shopping Cart). Affected component: product.php. Vulnerability: reflected cross-site scripting via two parameters, category_id and subcategory_id, allowing remote attackers to inject arbitrary web script or HTML. The root...
CVE-2008-6279
RakhiSoftware Price Comparison Script aka Shopping Cart allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message...
CVE-2008-6278
Multiple cross-site scripting XSS vulnerabilities in product.php in RakhiSoftware Price Comparison Script aka Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the 1 categoryid and 2 subcategoryid parameters...
CVE-2008-6277
CVE-2008-6277 describes an SQL injection vulnerability in the RakhiSoftware Price Comparison Script (aka Shopping Cart). The flaw is in the file product.php and is exploitable via the subcategory_id parameter, enabling a remote attacker to execute arbitrary SQL commands. This AV:N/AC:L/ Au:N/C:P/...
compareindia.in.com SQL Injection
==================================================================== Website: http://compareindia.in.com/ Category: India's biggest hardware comparision website + buyer's guide Vulnerability: Inband SQL Injection Founder: Jaydeep Dave [email protected] Date: 16th Feb, 2009...
Sql injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the 1 password and 2 username fields...
CVE-2008-5975
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-5974
CVE-2008-5974 affects Active Price Comparison 4.0, where the login.aspx page is vulnerable to SQL injection via the (1) username and (2) password fields. The root cause is improper handling of user input in the login form, allowing remote attackers to execute arbitrary SQL commands. The available...
CVE-2008-5975
CVE-2008-5975 describes a SQL injection in Active Price Comparison 4.0, specifically in links.asp, exploitable via the linkid parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. Several connected sources corroborate the issue, including NVD/NVD mirrors and Expl...
FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
FreeBSD/x86-64 - Bind TCP Shell /bin/sh + Password R2CBw0cr Shellcode 127 bytes. Shellcode exploit for FreeBSDx86-64 platform / Gitsnik, @dracyrys FreeBSD x8664 bindtcp with passcode, 127 bytes Passcode: R2CBw0cr / C Source: char code = \ "\x6a\x61\x58\x6a\x02\x5f\x6a\x01\x5e\x99"...
CVE-2008-5638
Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the 1 ProductID parameter to reviews.aspx or the 2 linkid parameter to links.asp...
Sql injection
Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the 1 ProductID parameter to reviews.aspx or the 2 linkid parameter to links.asp...
CVE-2008-5638
CVE-2008-5638 : Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the ProductID parameter to reviews.aspx or the linkid parameter to links.asp. The issue is evidenced by multiple sources (NVD entry and Exploit-DB listi...
CVE-2008-5638
Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the 1 ProductID parameter to reviews.aspx or the 2 linkid parameter to links.asp...
Active Price Comparison v4 (ProductID) Blind SQL Injection Vulnerability
No description provided by source. ----------------------------بسم الله الرØÙ…Ù† الرØÙŠÙ…------------------------------ Tybe:reviews.aspx ProductID Blind SQL Injection Vulnerability Vendor:www.activewebsoftwares.com Software: Active Price Comparison v 4 author: Ñ3d D3v!L Date:...
Active Price Comparison v 4 (ProductID) Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================================= Active Price Comparison v 4 ProductID Blind SQL Injection Vulnerability ========================================================================= Tybe:reviews.aspx...