87 matches found
CVE-2007-3173
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '' and '' characters...
CVE-2007-3173
CVE-2007-3173 describes an information-disclosure flaw: remote attackers can obtain sensitive data via an activateorder request to index.php using an invalid orderid parameter, with likely involvement of ‘[]’ characters. The root cause is improper handling of the orderid parameter, enabling parti...
CVE-2007-3173
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '' and '' characters...
Sql injection
Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the OrderID parameter in a shipping.cfm and b checkout.cfm, 2 ItemID parameter in c proddetail.cfm, 3 SubCatID parameter in d index.cfm, the 4 CategoryID parameter ...
CVE-2002-0409
orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter...
CVE-2002-0409
CVE-2002-0409 involves an issue in orderdetails.aspx used as example code for Microsoft .NET developers, where an attacker can view other users’ orders by tampering the OrderID parameter. The description from NVD/CVE records states that remote attackers can access another user’s orders due to the...
CVE-2002-0409
orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter...