RSS   Vulnerabilities for 'Ultimate estate'   RSS

2006-06-22
 
CVE-2006-3155

 

 
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.pl, (3) user parameter in (d) userask.pl or (e) leavefeed.pl, (4) itemnum parameter in userask.pl, (5) category parameter in (f) itemlist.pl, and the (6) query parameter in (g) search.pl.

 
 
CVE-2006-3154

 

 
SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

 
 
CVE-2006-3153

 

 
Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

 

 >>> Vendor: Thinkfactory 4 Products
Ultimate estate
Ultimate eshop
Ultimategoogle
Thinkwms


Copyright 2024, cxsecurity.com

 

Back to Top