12 matches found
EUVD-2005-1164
Malware in sbrugna...
EUVD-2005-2191
Malware in sbrugna...
EUVD-2007-3313
Malware in sbrugna...
Modern Bag product-update.php file SQL Injection Vulnerability
Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter idProduct in the file /admin/product-update.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to...
Code-Projects Modern Bag Injection Vulnerability
Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter idProduct in the file /admin/product-update.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to...
Sql injection
SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the same as CVE-2005-2190.2...
CVE-2007-3323
CVE-2007-3323 describes an SQL injection in Comersus Shop Cart 7.07, exploitable via the idProduct parameter to comersus_optReviewReadExec.asp. Remote attackers could execute arbitrary SQL commands; the description notes it may be the same issue as CVE-2005-2190. No remediation or version-specifi...
CVE-2005-2206
Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp...
CVE-2005-2190
CVE-2005-2190 concerns multiple SQL injection flaws in Comersus Shop Cart. Remote attackers can inject via (1) email to comersus_optAffiliateRegistrationExec.asp or (2) idProduct to comersus_optReviewReadExec.asp, potentially executing arbitrary SQL on the database. The NVD notes a Base Score of ...
CVE-2005-1292
Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6)...
CVE-2005-1292
Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6)...
CVE-2005-1291
Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory paramet...