Dcrab

81 exploits, active since Apr 2005
CVE-2005-1487 EXPLOITDB text WRITEUP
FishCart 3.1 - SQL Injection
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable.
CVE-2005-1486 EXPLOITDB text WORKING POC
FishCart 3.1 - XSS
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.
CVE-2005-0936 EXPLOITDB text WORKING POC
Esmi Paypal Storefront - XSS
Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2005-0935 EXPLOITDB bash WRITEUP
Esmi Paypal Storefront - SQL Injection
Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.
CVE-2005-0980 EXPLOITDB text WRITEUP
AlstraSoft EPay Pro 2.0 - RCE
PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.
CVE-2005-0981 EXPLOITDB text WORKING POC
AlstraSoft EPay Pro 2.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.
EIP-2026-100427 EXPLOITDB text WRITEUP
MetaCart2 - 'IntCatalogID' SQL Injection
EIP-2026-100422 EXPLOITDB text WRITEUP
MetaBid Auctions - 'intAuctionID' SQL Injection
EIP-2026-100424 EXPLOITDB text WRITEUP
MetaCart E-Shop V-8 - 'IntProdID' SQL Injection
EIP-2026-100425 EXPLOITDB text WRITEUP
MetaCart E-Shop V-8 - 'StrCatalog_NAME' SQL Injection
EIP-2026-100426 EXPLOITDB text WRITEUP
MetaCart2 - 'CurCatalogID' SQL Injection
EIP-2026-100428 EXPLOITDB text WORKING POC
MetaCart2 - 'SearchAction.asp' Multiple SQL Injections
EIP-2026-100429 EXPLOITDB text WRITEUP
MetaCart2 - 'StrSubCatalogID' SQL Injection
EIP-2026-100430 EXPLOITDB text WORKING POC
MetaCart2 - 'strSubCatalog_NAME' SQL Injection
CVE-2005-1161 EXPLOITDB text WRITEUP
OneWorldStore - SQL Injection
Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.
CVE-2005-1162 EXPLOITDB text WORKING POC
OneWorldStore - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.
CVE-2005-1162 EXPLOITDB text WORKING POC
OneWorldStore - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.
CVE-2005-1161 EXPLOITDB text WRITEUP
OneWorldStore - SQL Injection
Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.
CVE-2005-1161 EXPLOITDB text WRITEUP
OneWorldStore - SQL Injection
Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.
CVE-2005-1293 EXPLOITDB text WRITEUP
StorePortal 2.63 - SQL Injection
Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter.
CVE-2005-1030 EXPLOITDB text WORKING POC
Active Auction House - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.
CVE-2005-1030 EXPLOITDB text WORKING POC
Active Auction House - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.
CVE-2005-1030 EXPLOITDB text WORKING POC
Active Auction House - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.
CVE-2005-1029 EXPLOITDB text WRITEUP
Active Auction House - SQL Injection
Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.
CVE-2005-1029 EXPLOITDB text WRITEUP
Active Auction House - SQL Injection
Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.