Vp-asp Security Vulnerabilities and Issues — Vp-asp CVE List

Lucene search

Virtual ProgrammingVp-asp

10 matches found

CVE•added 2006/05/09 10:2 a.m.•304 views

CVE-2006-2263

SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5CVSS8.4AI score0.01856EPSS

CVE•added 2005/06/28 4:0 a.m.•131 views

CVE-2002-1919

SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields.

7.5CVSS8.8AI score0.04503EPSS

CVE•added 2005/08/18 4:0 a.m.•83 views

CVE-2004-2412

Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.

7.5CVSS8.9AI score0.00502EPSS

CVE•added 2003/08/18 4:0 a.m.•46 views

CVE-2003-0560

SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.

10CVSS8.3AI score0.00586EPSS

CVE•added 2007/01/13 2:28 a.m.•43 views

CVE-2007-0225

Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

6.8CVSS5.7AI score0.02496EPSS

CVE•added 2007/01/13 2:28 a.m.•39 views

CVE-2007-0224

SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.

7.5CVSS8.4AI score0.0034EPSS

CVE•added 2005/11/19 1:3 a.m.•36 views

CVE-2005-3685

Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.

4.3CVSS6AI score0.00674EPSS

CVE•added 2005/07/10 4:0 a.m.•35 views

CVE-2004-2164

shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption).

5CVSS7AI score0.01271EPSS

CVE•added 2005/08/18 4:0 a.m.•30 views

CVE-2004-2411

The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use [removed] tags, as demonstrated via javascript in IMG tags to (1) the cat parameter i...

4.3CVSS6.2AI score0.01271EPSS

CVE•added 2005/08/18 4:0 a.m.•30 views

CVE-2004-2413

SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp.

7.5CVSS8.8AI score0.00757EPSS