4 matches found
CVE-2009-0429
CVE-2009-0429 covers multiple SQL injection vulnerabilities in Active Bids by ActiveWebSoftwares. The issues permit remote execution of arbitrary SQL through user-supplied input in three vectors: (1) the search parameter to search.asp, (2) the SortDir parameter to auctionsended.asp, and (3) the c...
CVE-2009-4229
CVE-2009-4229 involves multiple SQL injection vulnerabilities in ActiveBids (ActiveWebSoftwares). The affected component is the Active Bids web application, with vulnerabilities exploitable through (1) the catid parameter in the PATH_INFO to the default URI and (2) the catid parameter to default....
CVE-2009-0430
Active Bids is affected by CVE-2009-0430 through multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary script/HTML via the (1) search parameter to search.asp and (2) the URL parameter to tellafriend.asp. NVD lists a CVSS v2 base score of 4.3 (M...
CVE-2008-5640
CVE-2008-5640 describes an SQL injection in bidhistory.asp of Active Bids 3.5, exploitable via the ItemID parameter and enabling remote SQL command execution. Affected product: Active Bids 3.5 (bidhistory.asp). Root cause: unsanitized ItemID parameter leading to SQL injection. Impact: partial con...