41 matches found
EUVD-2005-1164
Malware in sbrugna...
EUVD-2005-1165
Malware in sbrugna...
EUVD-2005-1331
Malware in sbrugna...
OneWorldStore OWAddItem.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13181/info OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation coul...
OneWorldStore IDOrder Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13361/info OneWorldStore is prone to an information disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Exploitation of this vulnerability would expose the...
OneWorldStore DisplayResults.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13249/info OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could...
OneWorldStore OWContactUs.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13184/info OneWorldStore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
OneWorldStore OWListProduct.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13185/info OneWorldStore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
OneWorldStore OWListProduct.ASP Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/13182/info OneWorldStore is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
OneWorldStore OWProductDetail.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13183/info OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could...
OneWorldStore DisplayResults.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13251/info OneWorldStore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
oneworldSQL.txt
OneWorldStore DisplayResults.asp sIDSearch Variable XSS and SQL Injection vendor url:http://oneworldstore.com/ vendor notified : yes exploit available: yes advisory:http://lostmon.blogspot.com/2005/04/ oneworldstore-sidsearch.html OSVDB ID: 15659 and 15660 related vendor´s security bulletin:...
CVE-2005-1161
Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to 1 owAddItem.asp or 2 owProductDetail.asp, 3 idCategory parameter to owListProduct.asp, or 4 bSpecials parameter to owListProduct.asp...
CVE-2005-1328
OneWorldStore allows remote attackers to cause a denial of service application crash via a direct request to owConnections/chksettings.asp...
CVE-2005-1162
Multiple cross-site scripting XSS vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the 1 sEmail parameter to owContactUs.asp, 2 bSub parameter to owListProduct.asp, or the 3 Name, 4 Email, or 5 Comment fields in owProductDetail.asp...
CVE-2005-1328
OneWorldStore allows remote attackers to cause a denial of service application crash via a direct request to owConnections/chksettings.asp...
CVE-2005-1329
owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter...
CVE-2005-1328
OneWorldStore is affected by CVE-2005-1328. The vulnerability is a denial-of-service condition caused by remote requests to the owConnections/chksettings.asp endpoint, which can crash the application. The available connected data confirms the vulnerable component and the impact but provides limit...
CVE-2005-1329
CVE-2005-1329 concerns OneWorldStore where owOfflineCC.asp exposes sensitive information via modification of the idOrder parameter. The vulnerability allows remote attackers to obtain data by manipulating idOrder, with impact described as information disclosure (partial confidentiality). Affected...
PT-2005-2332 · Oneworld · Oneworldstore
Name of the Vulnerable Software and Affected Versions: OneWorldStore affected versions not specified Description: The issue allows remote attackers to obtain sensitive information by modifying the idOrder parameter in the "owOfflineCC.asp" file. Recommendations: For all affected versions, avoid...