3 matches found
CVE-2009-0429
CVE-2009-0429 covers multiple SQL injection vulnerabilities in Active Bids by ActiveWebSoftwares. The issues permit remote execution of arbitrary SQL through user-supplied input in three vectors: (1) the search parameter to search.asp, (2) the SortDir parameter to auctionsended.asp, and (3) the c...
CVE-2009-4229
CVE-2009-4229 involves multiple SQL injection vulnerabilities in ActiveBids (ActiveWebSoftwares). The affected component is the Active Bids web application, with vulnerabilities exploitable through (1) the catid parameter in the PATH_INFO to the default URI and (2) the catid parameter to default....
CVE-2009-0430
Active Bids is affected by CVE-2009-0430 through multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary script/HTML via the (1) search parameter to search.asp and (2) the URL parameter to tellafriend.asp. NVD lists a CVSS v2 base score of 4.3 (M...