Lucene search
K
Virtual ProgrammingVp-asp

10 matches found

CVE
CVE
added 2006/05/09 10:0 a.m.315 views

CVE-2006-2263

The CVE-2006-2263 entry concerns VP-ASP 6.00 and a vulnerability in shopcurrency.asp where an attacker can supply a cid parameter to cause a SQL injection. The connected documents confirm the affected software (VP-ASP 6.00) and the vulnerable component (shopcurrency.asp) with the underlying issue...

7.5CVSS8.4AI score0.01359EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.144 views

CVE-2002-1919

CVE-2002-1919 affects VP-ASP 4.0, exposing VP-ASP's shopadmin.asp to SQL injection via the username or password fields that can allow remote SQL execution and bypass authentication. Documents indicate a remote impact and administrator-level access possibility, but do not provide a confirmed patch...

7.5CVSS8.8AI score0.0152EPSS
CVE
CVE
added 2005/08/18 4:0 a.m.92 views

CVE-2004-2412

CVE-2004-2412 involves VP-ASP Shopping Cart 4.0–5.0 with SQL injection vulnerabilities in the catalogid parameter of the two endpoints, shopreviewlist.asp and shopreviewadd.asp . The vulnerability enables remote attackers to execute arbitrary SQL commands against the underlying database, as state...

7.5CVSS8.9AI score0.01211EPSS
CVE
CVE
added 2003/07/15 4:0 a.m.56 views

CVE-2003-0560

CVE-2003-0560 concerns an SQL injection in VP-ASP’s shopexd.asp. The vulnerability is triggered via the id parameter, enabling remote attackers to gain administrator privileges. The connected documents confirm the issue and its impact (admin privilege escalation via SQL injection), but do not pro...

10CVSS8.3AI score0.0317EPSS
CVE
CVE
added 2007/01/13 2:0 a.m.54 views

CVE-2007-0225

The CVE-2007-0225 entry affects VP-ASP Shopping Cart (version 6.09 and earlier), specifically a Cross-Site Scripting (XSS) flaw in the ASP page shopcustadmin.asp. The vulnerability allows an attacker to inject arbitrary web script or HTML by supplying a payload in the msg parameter. This is a cli...

6.8CVSS5.7AI score0.01732EPSS
CVE
CVE
added 2007/01/13 2:0 a.m.51 views

CVE-2007-0224

CVE-2007-0224 affects VP-ASP Shopping Cart (version 6.09 and earlier) via the vulnerable endpoint in the file/component shopgiftregsearch.asp . The root cause is a SQL injection vulnerability that can be exploited through the LoginLastname parameter, enabling remote attackers to execute arbitrary...

7.5CVSS8.4AI score0.01034EPSS
CVE
CVE
added 2005/11/19 1:0 a.m.47 views

CVE-2005-3685

CVE-2005-3685 describes a cross-site scripting (XSS) vulnerability in VP-ASP Shopping Cart 5.50, exploitable via the UserName parameter in shopadmin.asp. The vulnerability can allow remote attackers to inject arbitrary web script or HTML. According to connected sources, the impact is limited to p...

4.3CVSS6AI score0.01911EPSS
CVE
CVE
added 2005/07/10 4:0 a.m.43 views

CVE-2004-2164

VP-ASP 5.0 is affected by CVE-2004-2164 due to shoprestoreorder.asp not closing the database connection after restoring a previous order, enabling potential denial of service via resource exhaustion. The available sources describe the impact as a connection consumption issue but do not provide co...

5CVSS7AI score0.01752EPSS
CVE
CVE
added 2005/08/18 4:0 a.m.41 views

CVE-2004-2411

The CVE-2004-2411 entry concerns VP-ASP Shopping Cart versions 4.0–5.0 where the CleanseMessage function in shop$db.asp does not adequately sanitize inputs. This permits remote XSS attacks that do not rely on traditional [removed] tags, demonstrated via javascript in IMG tags affecting the cat pa...

4.3CVSS6.2AI score0.02193EPSS
CVE
CVE
added 2005/08/18 4:0 a.m.39 views

CVE-2004-2413

CVE-2004-2413 : A SQL injection vulnerability affects VP-ASP Shopping Cart versions 4.0 through 5.0. The flaw allows remote attackers to execute arbitrary SQL commands via the POST parameters (Processed0 and Processed1) to shopproductselect.asp. This vulnerability could lead to partial confidenti...

7.5CVSS8.8AI score0.01215EPSS