productid software vulnerabilities
vulnerabilities.aspcode.net
Searching productid software vulnerabilities
Multiple SQL injection vulnerabilities in Quali
Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.
Multiple cross-site scripting (XSS) vulnerabili
Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.
Multiple SQL injection vulnerabilities in e-Qui
Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp.
Multiple cross-site scripting (XSS) vulnerabili
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152.
SQL injection vulnerability in Review.asp in Ju
SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter.
CRLF injection vulnerability in premium/index.p
CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters.
** DISPUTED ** Multiple SQL injection vulnerab
** DISPUTED ** Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying "The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed."
Multiple SQL injection vulnerabilities in Enthr
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp.
Multiple SQL injection vulnerabilities in Enthr
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier.
Multiple SQL injection vulnerabilities in Alan
Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873.
Multiple SQL injection vulnerabilities in Koan
Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.
Software vulnerabilities results 1 to 12 of 12