Published: 29/06/2005 Updated: 11/10/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote malicious users to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
active web softwares activebuyandsell 6.2

[?] ?????????????????????????{In The Name Of Allah The Mercifull}?????????????????????? [?] [~] Tybe: (buyersendasp catid) Blind SQL Injection Vulnerability [~] Vendor: :wwwactivewebsoftwarescom [*] Software: ActiveBuyandSell v 62 [*] author: ((R3d-D3v!L)) [*] Date: 18dec2009 [*] T!ME: 12:00 am [?] Home: WwWxP10ME [?] contact: N/A [?] [?]?? ...

#Title : Active BuyandSell Remote SQL Injection Vulnerability #Author : CyberGhost #Demo Page : wwwactivewebsoftwarescom/demoactivebuyandsell #Script Page : wwwactivewebsoftwarescom/productinfoaspx?productid=8 #Vuln #Username : /buyersendasp?catid=-1+union+select+0,1,2,3,4,5,6,adminname,8,9,0,1,2,3,4,5,6+from+admins #Passw ...

NVD-CWE-Other http://echo.or.id/adv/adv21-theday-2005.txt http://www.securityfocus.com/bid/23110 http://www.vupen.com/english/advisories/2007/1096 http://marc.info/?l=bugtraq&m=111963341429906&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/33183 https://www.exploit-db.com/exploits/3550 https://nvd.nist.gov https://www.exploit-db.com/exploits/10526/

CVE-2005-2062

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect