RSS   Vulnerabilities for 'Active auction house'   RSS

2007-03-27
 
CVE-2007-1712

 

 
SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

 
2005-05-02
 
CVE-2005-1030

 

 
Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.

 
2005-04-06
 
CVE-2005-1029

 

 
Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.

 

 >>> Vendor: Active web softwares 6 Products
Active auction house
Activebuyandsell
Active photo gallery
Active link engine
Active newsletter
Active test


Copyright 2021, cxsecurity.com

 

Back to Top