Shodan
Vulnerabilities
Vulnerable Software
Alan Ward:  Security Vulnerabilities
CVE-2006-6831
SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2006-12-31
CVE-2006-6111
Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873.
CVSS Score
7.5
EPSS Score
0.012
Published
2006-11-26
CVE-2006-2948
A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information.
CVSS Score
5.0
EPSS Score
0.005
Published
2006-06-12
CVE-2005-4064
Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp.
CVSS Score
7.5
EPSS Score
0.012
Published
2005-12-07
CVE-2004-1873
SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.
CVSS Score
7.5
EPSS Score
0.028
Published
2004-12-31
CVE-2004-1874
Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms.
CVSS Score
4.3
EPSS Score
0.004
Published
2004-03-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved