17 matches found
EUVD-2007-3971
Malware in sbrugna...
nhcweb.com XSS vulnerability
Open Bug Bounty ID: OBB-561332

Description | Value
---|---
Affected Website: | nhcweb.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
mathewsrealty.com XSS vulnerability
Vulnerable URL: http://www.mathewsrealty.com/searchresults.asp?template===10=2=84================10=&sqlalias1;=&sqlalias2;==resi======resiwherecitylike^brookeland^"--!"==&

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 07.08.2017
Vulnerability type: | XSS Vulnerability...
CartWIZ 1.10 SearchResults.ASP PriceFrom Argument SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13334/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successful exploitatio...
CartWIZ 1.10 SearchResults.ASP PriceTo Argument SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13333/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successful exploitatio...
SQL injection
SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter...
CVE-2007-3987
SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter...
CVE-2007-3987
SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter...
CVE-2007-3987
The CVE-2007-3987 entry concerns ImageRacer 1.0 where the SQL injection occurs in SearchResults.asp when WordSearchCrit is enabled. The vulnerability is triggered through the SearchWord parameter, allowing remote attackers to execute arbitrary SQL commands. This is a network-remote issue with low...
Image Racer - searchresults.asp SQL Injection
Image Racer - searchresults.asp SQL Injection source: https://www.securityfocus.com/bid/25010/info Image Racer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
CVE-2006-1567
Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter...
CVE-2005-1292
Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6)...
CVE-2005-1291
Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory paramet...
CVE-2005-1292
Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6)...
CartWIZ 1.10 - searchresults.asp PriceFrom Argument SQL Injection
CartWIZ 1.10 - searchresults.asp PriceFrom Argument SQL Injection source: https://www.securityfocus.com/bid/13334/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an S...
CartWIZ 1.10 - 'searchresults.asp' SKU Argument Cross-Site Scripting
source: https://www.securityfocus.com/bid/13342/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of a...
CartWIZ 1.10 - 'searchresults.asp' idcategory Argument SQL Injection
source: https://www.securityfocus.com/bid/13335/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successful exploitation could result in a compromise of...