Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown
CVE-2008-6875
Disclosure Date: July 24, 2009 (last updated October 04, 2023)
SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.
0
Attacker Value
Unknown
CVE-2009-1321
Disclosure Date: April 17, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in search.asp in ASP Product Catalog 1.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
0
Attacker Value
Unknown
CVE-2009-1322
Disclosure Date: April 17, 2009 (last updated October 04, 2023)
ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb.
0
Attacker Value
Unknown
CVE-2007-5220
Disclosure Date: October 05, 2007 (last updated October 04, 2023)
SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters.
0