3 matches found
CVE-2001-0319
The CVE-2001-0319 entry concerns IBM Net.Commerce 3.x, where the macro orderdspc.d2w in the report capability is vulnerable to SQL injection via the order_rn option. The underlying issue is a SQL injection flaw in the remote interface that lets an attacker supply crafted input to alter or execute...
CVE-2001-0390
IBM Websphere/NetCommerce3 3.1.2 is affected by a DoS vulnerability where remote attackers can trigger the macro.d2w macro with a long string of %0a characters. The description from multiple sources confirms the vulnerability exists in the specified product version and is exploitable remotely via...
CVE-2001-0389
CVE-2001-0389 affects IBM Websphere/NetCommerce3 3.1.2. The vulnerability allows remote attackers to determine the server’s real path by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. Impact is listed as partial confidentiality loss; exploitation is remote over the netw...