Show filters
16 Total Results
Displaying 1-10 of 16
Sort by:
Attacker Value
Unknown

CVE-2008-6966

Disclosure Date: August 13, 2009 (last updated October 04, 2023)
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.
0
0
Attacker Value
Unknown

CVE-2008-6965

Disclosure Date: August 13, 2009 (last updated October 04, 2023)
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors.
0
0
Attacker Value
Unknown

CVE-2008-6414

Disclosure Date: March 06, 2009 (last updated October 04, 2023)
SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
0
0
Attacker Value
Unknown

CVE-2008-6004

Disclosure Date: January 28, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
0
0
Attacker Value
Unknown

CVE-2008-6003

Disclosure Date: January 28, 2009 (last updated October 04, 2023)
SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter.
0
0
Attacker Value
Unknown

CVE-2008-5216

Disclosure Date: November 24, 2008 (last updated October 04, 2023)
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
0
0
Attacker Value
Unknown

CVE-2008-5212

Disclosure Date: November 24, 2008 (last updated October 04, 2023)
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
0
0
Attacker Value
Unknown

CVE-2008-5213

Disclosure Date: November 24, 2008 (last updated October 04, 2023)
SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action.
0
0
Attacker Value
Unknown

CVE-2008-4753

Disclosure Date: October 27, 2008 (last updated October 04, 2023)
SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter.
0
0
Attacker Value
Unknown

CVE-2008-4043

Disclosure Date: September 11, 2008 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php.
0
0
View More Topics  Next >