3 matches found
CVE-2006-6083
The CVE-2006-6083 entry affects CreaScripts Creadirectory : the vulnerability is an SQL injection in the search.asp page where the category parameter is unsafely used. This allows remote attackers to execute arbitrary SQL commands. The known impact is consistent with an attacker gaining unauthori...
CVE-2006-6082
CVE-2006-6082 affects the CreaScripts Creadirectory component. The documented issue is multiple XSS vulnerabilities that allow remote attackers to inject arbitrary script or HTML via the (1) cat parameter to addlisting.asp or (2) the search parameter to search.asp. The root cause is insufficient ...
CVE-2007-2342
CVE-2007-2342 describes an SQL injection in error.asp of CreaScripts CreaDirectory 1.2. The vulnerability allows remote attackers to execute arbitrary SQL commands via the id parameter, as a different vector from CVE-2006-6083. According to the NVD entry, the issue is exploitable over a network w...