Lucene search
+L

87 matches found

NVD
NVD
added 2007/06/11 10:30 p.m.11 views

CVE-2007-3173

Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '' and '' characters...

5CVSS6.2AI score0.01205EPSS
Exploits0References3
CVE
CVE
added 2007/06/11 10:0 p.m.53 views

CVE-2007-3173

CVE-2007-3173 describes an information-disclosure flaw: remote attackers can obtain sensitive data via an activateorder request to index.php using an invalid orderid parameter, with likely involvement of ‘[]’ characters. The root cause is improper handling of the orderid parameter, enabling parti...

5CVSS6.3AI score0.01205EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2007/06/11 10:0 p.m.19 views

CVE-2007-3173

Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '' and '' characters...

6.2AI score0.01205EPSS
Exploits0References3
Prion
Prion
added 2006/04/26 8:6 p.m.17 views

Sql injection

Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the OrderID parameter in a shipping.cfm and b checkout.cfm, 2 ItemID parameter in c proddetail.cfm, 3 SubCatID parameter in d index.cfm, the 4 CategoryID parameter ...

6.4CVSS8.9AI score0.01642EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2002/07/26 4:0 a.m.21 views

CVE-2002-0409

orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter...

5CVSS6.8AI score0.19323EPSS
Exploits0References1
CVE
CVE
added 2002/06/11 4:0 a.m.63 views

CVE-2002-0409

CVE-2002-0409 involves an issue in orderdetails.aspx used as example code for Microsoft .NET developers, where an attacker can view other users’ orders by tampering the OrderID parameter. The description from NVD/CVE records states that remote attackers can access another user’s orders due to the...

5CVSS7.2AI score0.19323EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.34 views

CVE-2002-0409

orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter...

6.8AI score0.19323EPSS
Exploits0References1
Rows per page
Query Builder