15 matches found
EUVD-2004-2100
Malware in sbrugna...
EUVD-2008-6228
Malware in sbrugna...
EUVD-2006-4839
Malware in sbrugna...
CVE-2008-6258
SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the 1 UserID and 2 Pwd parameters. NOTE: this might be related to CVE-2004-2108...
Sql injection
SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the 1 UserID and 2 Pwd parameters. NOTE: this might be related to CVE-2004-2108...
CVE-2008-6259
Cross-site scripting XSS vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter...
CVE-2008-6258
SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the 1 UserID and 2 Pwd parameters. NOTE: this might be related to CVE-2004-2108...
CVE-2008-6258
The CVE-2008-6258 entry describes an SQL injection vulnerability in QuadComm Q-Shop 3.0 (and possibly earlier) affecting users.asp, where the (1) UserID and (2) Pwd parameters allow remote attackers to execute arbitrary SQL commands. This is a classic input-based injection affecting the web appli...
CVE-2008-6259
CVE-2008-6259 describes a cross-site scripting (XSS) vulnerability in QuadComm Q-Shop 3.0 (search.asp) that allows an attacker to inject arbitrary script/HTML via the srkeys parameter. Affected product: QuadComm Q-Shop 3.0 and possibly earlier versions. Root cause: unsafeguarded handling of the s...
CVE-2006-4852
SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter...
CVE-2006-4852
CVE-2006-4852 describes a SQL injection vulnerability in QuadComm Q-Shop 3.5, specifically in the browse.asp module where the OrderBy parameter can be abused to execute arbitrary SQL commands. Affected software: QuadComm Q-Shop 3.5 (browse.asp). Underlying cause: improper handling of the OrderBy ...
CVE-2006-4852
SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter...
CVE-2004-2108
Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to 1 search.asp, 2 browse.asp, 3 details.asp, 4 showcat.asp, 5 users.asp, 6 addtomylist.asp, 7 modline.asp, 8 cart.asp, or 9 newuser.asp...
CVE-2004-2108
Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to 1 search.asp, 2 browse.asp, 3 details.asp, 4 showcat.asp, 5 users.asp, 6 addtomylist.asp, 7 modline.asp, 8 cart.asp, or 9 newuser.asp...
[Full-Disclosure] QuadComm Q-Shop ASP Shopping Cart Software multiple security vulnerabilities
S-Quadra Advisory 2004-01-23 Topic: QuadComm Q-Shop ASP Shopping Cart Software multiple security vulnerabilities Severity: High Vendor URL: http://www.quadcomm.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20040123.txt Release date: 23 Jan 2004 1. DESCRIPTION Q-Shop is a shopping cart...