Lucene search
+L

2420 matches found

prion
prion
added 2009/02/25 11:30 p.m.17 views

Design/Logic Flaw

RakhiSoftware Price Comparison Script aka Shopping Cart allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message...

7.8CVSS6.7AI score0.02524EPSS
Exploits1References4
cvelist
cvelist
added 2009/02/25 11:0 p.m.21 views

CVE-2008-6277

SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script aka Shopping Cart allows remote attackers to execute arbitrary SQL commands via the subcategoryid parameter...

8.4AI score0.01003EPSS
Exploits1References5
cve
cve
added 2009/02/25 11:0 p.m.50 views

CVE-2008-6279

Vulnerability: RakhiSoftware Price Comparison Script (Shopping Cart) exposes installation path in error messages via an invalid PHPSESSID cookie, enabling remote disclosure of sensitive information. Affected: RakhiSoftware Price Comparison Script; root cause: PHPSESSID handling leads to error det...

7.8CVSS6.3AI score0.02524EPSS
Exploits1References4Affected Software1
cve
cve
added 2009/02/25 11:0 p.m.51 views

CVE-2008-6278

The CVE-2008-6278 entry concerns RakhiSoftware Price Comparison Script (aka Shopping Cart). Affected component: product.php. Vulnerability: reflected cross-site scripting via two parameters, category_id and subcategory_id, allowing remote attackers to inject arbitrary web script or HTML. The root...

4.3CVSS5.9AI score0.01453EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2009/02/25 11:0 p.m.23 views

CVE-2008-6279

RakhiSoftware Price Comparison Script aka Shopping Cart allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message...

6.2AI score0.02524EPSS
Exploits1References4
cvelist
cvelist
added 2009/02/25 11:0 p.m.25 views

CVE-2008-6278

Multiple cross-site scripting XSS vulnerabilities in product.php in RakhiSoftware Price Comparison Script aka Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the 1 categoryid and 2 subcategoryid parameters...

5.8AI score0.01453EPSS
Exploits1References4
cve
cve
added 2009/02/25 11:0 p.m.44 views

CVE-2008-6277

CVE-2008-6277 describes an SQL injection vulnerability in the RakhiSoftware Price Comparison Script (aka Shopping Cart). The flaw is in the file product.php and is exploitable via the subcategory_id parameter, enabling a remote attacker to execute arbitrary SQL commands. This AV:N/AC:L/ Au:N/C:P/...

7.5CVSS8.7AI score0.01003EPSS
Exploits1References5Affected Software1
packetstorm
packetstorm
added 2009/02/18 12:0 a.m.30 views

compareindia.in.com SQL Injection

==================================================================== Website: http://compareindia.in.com/ Category: India's biggest hardware comparision website + buyer's guide Vulnerability: Inband SQL Injection Founder: Jaydeep Dave [email protected] Date: 16th Feb, 2009...

0.2AI score
Exploits0
prion
prion
added 2009/01/27 1:30 a.m.10 views

Sql injection

Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the 1 password and 2 username fields...

7.5CVSS9.4AI score0.01019EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2009/01/27 1:30 a.m.15 views

CVE-2008-5975

SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.5CVSS8.1AI score0.00961EPSS
Exploits2References3
prion
prion
added 2009/01/27 1:30 a.m.15 views

Sql injection

SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.5CVSS8.7AI score0.00961EPSS
Exploits2References3Affected Software1
cve
cve
added 2009/01/27 1:0 a.m.49 views

CVE-2008-5974

CVE-2008-5974 affects Active Price Comparison 4.0, where the login.aspx page is vulnerable to SQL injection via the (1) username and (2) password fields. The root cause is improper handling of user input in the login form, allowing remote attackers to execute arbitrary SQL commands. The available...

7.5CVSS8.9AI score0.01019EPSS
Exploits0References4Affected Software1
cve
cve
added 2009/01/27 1:0 a.m.49 views

CVE-2008-5975

CVE-2008-5975 describes a SQL injection in Active Price Comparison 4.0, specifically in links.asp, exploitable via the linkid parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. Several connected sources corroborate the issue, including NVD/NVD mirrors and Expl...

7.5CVSS8.3AI score0.00961EPSS
Exploits2References3Affected Software1
exploitdb
exploitdb
added 2009/01/11 12:0 a.m.23 views

FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)

FreeBSD/x86-64 - Bind TCP Shell /bin/sh + Password R2CBw0cr Shellcode 127 bytes. Shellcode exploit for FreeBSDx86-64 platform / Gitsnik, @dracyrys FreeBSD x8664 bindtcp with passcode, 127 bytes Passcode: R2CBw0cr / C Source: char code = \ "\x6a\x61\x58\x6a\x02\x5f\x6a\x01\x5e\x99"...

7.1AI score
Exploits0
nvd
nvd
added 2008/12/17 5:30 p.m.13 views

CVE-2008-5638

Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the 1 ProductID parameter to reviews.aspx or the 2 linkid parameter to links.asp...

7.5CVSS8.5AI score0.0101EPSS
Exploits1References4
prion
prion
added 2008/12/17 5:30 p.m.14 views

Sql injection

Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the 1 ProductID parameter to reviews.aspx or the 2 linkid parameter to links.asp...

7.5CVSS9.2AI score0.0101EPSS
Exploits1References4Affected Software1
cve
cve
added 2008/12/17 5:0 p.m.51 views

CVE-2008-5638

CVE-2008-5638 : Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the ProductID parameter to reviews.aspx or the linkid parameter to links.asp. The issue is evidenced by multiple sources (NVD entry and Exploit-DB listi...

7.5CVSS8.5AI score0.0101EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2008/12/17 5:0 p.m.21 views

CVE-2008-5638

Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the 1 ProductID parameter to reviews.aspx or the 2 linkid parameter to links.asp...

8.5AI score0.0101EPSS
Exploits1References4
seebug
seebug
added 2008/11/30 12:0 a.m.15 views

Active Price Comparison v4 (ProductID) Blind SQL Injection Vulnerability

No description provided by source. ----------------------------بسم الله الرحمن الرحيم------------------------------ Tybe:reviews.aspx ProductID Blind SQL Injection Vulnerability Vendor:www.activewebsoftwares.com Software: Active Price Comparison v 4 author: я3d D3v!L Date:...

7.1AI score
Exploits0
zdt
zdt
added 2008/11/30 12:0 a.m.18 views

Active Price Comparison v 4 (ProductID) Blind SQL Injection Vulnerability

Exploit for unknown platform in category web applications ========================================================================= Active Price Comparison v 4 ProductID Blind SQL Injection Vulnerability ========================================================================= Tybe:reviews.aspx...

7.1AI score
Exploits0
Rows per page
Query Builder