RSS   Vulnerabilities for 'Activebuyandsell'   RSS

2005-06-29
 
CVE-2005-2063

 

 
Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to sendpassword.asp or (2) Keyword field in search.asp.

 
 
CVE-2005-2062

 

 
Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.

 

 >>> Vendor: Active web softwares 6 Products
Active auction house
Activebuyandsell
Active photo gallery
Active link engine
Active newsletter
Active test


Copyright 2024, cxsecurity.com

 

Back to Top