3 matches found
CVE-2007-1712
CVE-2007-1712 affects ActiveWebSoftwares Active Auction Pro 7.1. A SQL injection flaw in default.asp allows remote attackers to execute arbitrary SQL commands via the catid parameter. This can impact database integrity and confidentiality as described. No remediation details are provided in the s...
CVE-2005-1029
CVE-2005-1029 : Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the ASP scripts and parameters: (1) default.asp with catid, SortDir, Sortby; (2) ItemInfo.asp with itemID; (3) sendpassword.asp with Email. Root cause: impro...
CVE-2005-1030
CVE-2005-1030 affects the Active Auction House ASP application. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via parameters such as ReturnURL, password, username, and other fields (e.g., ReturnURL to...