Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2008-6875

Disclosure Date: July 24, 2009 (last updated October 04, 2023)
SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.
0
Attacker Value
Unknown

CVE-2009-1321

Disclosure Date: April 17, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in search.asp in ASP Product Catalog 1.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
0
Attacker Value
Unknown

CVE-2009-1322

Disclosure Date: April 17, 2009 (last updated October 04, 2023)
ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb.
0
Attacker Value
Unknown

CVE-2007-5220

Disclosure Date: October 05, 2007 (last updated October 04, 2023)
SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters.
0