Dcrab

81 exploits Active since Apr 2005
CVE-2005-1487 EXPLOITDB text WRITEUP
FishCart 3.1 - SQL Injection via cartid or psku Parameter
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable.
CVE-2005-1486 EXPLOITDB text WORKING POC
FishCart 3.1 - Cross-Site Scripting via Trackingnum, Reqagree, M, or Nlst Parameter
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.
CVE-2005-0936 EXPLOITDB text WORKING POC
ESMI PayPal Storefront - Cross-Site Scripting via id Parameter
Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2005-0935 EXPLOITDB bash WRITEUP
ESMI PayPal Storefront - SQL Injection via idpages or id2 Parameter
Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.
CVE-2005-0980 EXPLOITDB text WRITEUP
AlstraSoft EPay Pro 2.0 - Remote File Inclusion via Index.php View Parameter
PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.
CVE-2005-0981 EXPLOITDB text WORKING POC
AlstraSoft EPay Pro 2.0 - Cross-Site Scripting via Payment or Send Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.
EIP-2026-100427 EXPLOITDB text WRITEUP
MetaCart2 - 'IntCatalogID' SQL Injection
EIP-2026-100422 EXPLOITDB text WRITEUP
MetaBid Auctions - 'intAuctionID' SQL Injection
EIP-2026-100424 EXPLOITDB text WRITEUP
MetaCart E-Shop V-8 - 'IntProdID' SQL Injection
EIP-2026-100425 EXPLOITDB text WRITEUP
MetaCart E-Shop V-8 - 'StrCatalog_NAME' SQL Injection
EIP-2026-100426 EXPLOITDB text WRITEUP
MetaCart2 - 'CurCatalogID' SQL Injection
EIP-2026-100428 EXPLOITDB text WORKING POC
MetaCart2 - 'SearchAction.asp' Multiple SQL Injections
EIP-2026-100429 EXPLOITDB text WRITEUP
MetaCart2 - 'StrSubCatalogID' SQL Injection
EIP-2026-100430 EXPLOITDB text WORKING POC
MetaCart2 - 'strSubCatalog_NAME' SQL Injection
CVE-2005-1161 EXPLOITDB text WRITEUP
OneWorldStore - SQL Injection via idProduct or idCategory or bSpecials Parameter
Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.
CVE-2005-1162 EXPLOITDB text WORKING POC
OneWorldStore - Stored Cross-Site Scripting via owContactUs.asp sEmail Parameter
Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.
CVE-2005-1293 EXPLOITDB text WRITEUP
StorePortal 2.63 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter.
CVE-2005-1030 EXPLOITDB text WORKING POC
Active Auction House - Stored Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.
CVE-2005-1029 EXPLOITDB text WRITEUP
Active Auction House - SQL Injection
Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.