Nick Gudov

10 exploits. Active since Nov 2004.
EIP-2026-100765 EXPLOITDB text WRITEUP
calacode @mail webmail system 3.52 - Multiple Vulnerabilities
CVE-2005-0994 EXPLOITDB text WORKING POC
ProductCart 2.7 - SQL Injection via Category or resultCnt Parameter
Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report.
CVE-2005-0994 EXPLOITDB text WORKING POC
ProductCart 2.7 - SQL Injection via Category or resultCnt Parameter
Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report.
CVE-2004-2172 EXPLOITDB HIGH text WRITEUP
EarlyImpact ProductCart - Info Disclosure
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.
CVSS 7.5
CVE-2004-0348 EXPLOITDB text WORKING POC
SpiderSales - SQL Injection via viewCart.asp userId Parameter
SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter.
EIP-2026-100600 EXPLOITDB text WORKING POC
Virtual Programming VP-ASP 4.00/5.00 - 'shopsearch.asp' SQL Injection
CVE-2004-0305 EXPLOITDB text WRITEUP
WebCortex WebStores 2000 6.0 - Cross-Site Scripting via error.asp Message_id Parameter
Cross-site scripting (XSS) vulnerability in error.asp in WebCortex WebStores 2000 6.0 allows remote attackers to execute arbitrary script as other users and steal session IDs via the Message_id parameter.
EIP-2026-100599 EXPLOITDB text WORKING POC
Virtual Programming VP-ASP 4.00/5.00 - 'shopdisplayproducts.asp' SQL Injection
CVE-2004-1882 EXPLOITDB text WORKING POC
CactuShop 5.x - Cross-Site Scripting via popuplargeimage.asp strImageTag Parameter
Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.
CVE-2004-1881 EXPLOITDB text WORKING POC
CactuShop 5.x - SQL Injection via strItems Parameter
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.