Lucene search
K
ActivewebsoftwaresActive Bids

4 matches found

CVE
CVE
added 2009/02/05 12:0 a.m.52 views

CVE-2009-0429

CVE-2009-0429 covers multiple SQL injection vulnerabilities in Active Bids by ActiveWebSoftwares. The issues permit remote execution of arbitrary SQL through user-supplied input in three vectors: (1) the search parameter to search.asp, (2) the SortDir parameter to auctionsended.asp, and (3) the c...

7.5CVSS8.8AI score0.00907EPSS
CVE
CVE
added 2009/12/08 7:0 p.m.47 views

CVE-2009-4229

CVE-2009-4229 involves multiple SQL injection vulnerabilities in ActiveBids (ActiveWebSoftwares). The affected component is the Active Bids web application, with vulnerabilities exploitable through (1) the catid parameter in the PATH_INFO to the default URI and (2) the catid parameter to default....

7.5CVSS8.1AI score0.00907EPSS
CVE
CVE
added 2009/02/05 12:0 a.m.44 views

CVE-2009-0430

Active Bids is affected by CVE-2009-0430 through multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary script/HTML via the (1) search parameter to search.asp and (2) the URL parameter to tellafriend.asp. NVD lists a CVSS v2 base score of 4.3 (M...

4.3CVSS5.9AI score0.01189EPSS
CVE
CVE
added 2008/12/17 5:0 p.m.42 views

CVE-2008-5640

CVE-2008-5640 describes an SQL injection in bidhistory.asp of Active Bids 3.5, exploitable via the ItemID parameter and enabling remote SQL command execution. Affected product: Active Bids 3.5 (bidhistory.asp). Root cause: unsanitized ItemID parameter leading to SQL injection. Impact: partial con...

7.5CVSS8.4AI score0.01196EPSS