10 matches found
CVE-2006-2263
The CVE-2006-2263 entry concerns VP-ASP 6.00 and a vulnerability in shopcurrency.asp where an attacker can supply a cid parameter to cause a SQL injection. The connected documents confirm the affected software (VP-ASP 6.00) and the vulnerable component (shopcurrency.asp) with the underlying issue...
CVE-2002-1919
CVE-2002-1919 affects VP-ASP 4.0, exposing VP-ASP's shopadmin.asp to SQL injection via the username or password fields that can allow remote SQL execution and bypass authentication. Documents indicate a remote impact and administrator-level access possibility, but do not provide a confirmed patch...
CVE-2004-2412
CVE-2004-2412 involves VP-ASP Shopping Cart 4.0–5.0 with SQL injection vulnerabilities in the catalogid parameter of the two endpoints, shopreviewlist.asp and shopreviewadd.asp . The vulnerability enables remote attackers to execute arbitrary SQL commands against the underlying database, as state...
CVE-2003-0560
CVE-2003-0560 concerns an SQL injection in VP-ASP’s shopexd.asp. The vulnerability is triggered via the id parameter, enabling remote attackers to gain administrator privileges. The connected documents confirm the issue and its impact (admin privilege escalation via SQL injection), but do not pro...
CVE-2007-0225
The CVE-2007-0225 entry affects VP-ASP Shopping Cart (version 6.09 and earlier), specifically a Cross-Site Scripting (XSS) flaw in the ASP page shopcustadmin.asp. The vulnerability allows an attacker to inject arbitrary web script or HTML by supplying a payload in the msg parameter. This is a cli...
CVE-2007-0224
CVE-2007-0224 affects VP-ASP Shopping Cart (version 6.09 and earlier) via the vulnerable endpoint in the file/component shopgiftregsearch.asp . The root cause is a SQL injection vulnerability that can be exploited through the LoginLastname parameter, enabling remote attackers to execute arbitrary...
CVE-2005-3685
CVE-2005-3685 describes a cross-site scripting (XSS) vulnerability in VP-ASP Shopping Cart 5.50, exploitable via the UserName parameter in shopadmin.asp. The vulnerability can allow remote attackers to inject arbitrary web script or HTML. According to connected sources, the impact is limited to p...
CVE-2004-2164
VP-ASP 5.0 is affected by CVE-2004-2164 due to shoprestoreorder.asp not closing the database connection after restoring a previous order, enabling potential denial of service via resource exhaustion. The available sources describe the impact as a connection consumption issue but do not provide co...
CVE-2004-2411
The CVE-2004-2411 entry concerns VP-ASP Shopping Cart versions 4.0–5.0 where the CleanseMessage function in shop$db.asp does not adequately sanitize inputs. This permits remote XSS attacks that do not rely on traditional [removed] tags, demonstrated via javascript in IMG tags affecting the cat pa...
CVE-2004-2413
CVE-2004-2413 : A SQL injection vulnerability affects VP-ASP Shopping Cart versions 4.0 through 5.0. The flaw allows remote attackers to execute arbitrary SQL commands via the POST parameters (Processed0 and Processed1) to shopproductselect.asp. This vulnerability could lead to partial confidenti...