Shodan
Vulnerabilities
Vulnerable Software
Enthrallweb:  Security Vulnerabilities
CVE-2009-0252
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVSS Score
7.5
EPSS Score
0.004
Published
2009-01-22
CVE-2006-6820
myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVSS Score
3.5
EPSS Score
0.05
Published
2006-12-29
CVE-2006-6821
myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVSS Score
3.5
EPSS Score
0.05
Published
2006-12-29
CVE-2006-6822
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVSS Score
3.5
EPSS Score
0.043
Published
2006-12-29
CVE-2006-6802
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2006-12-28
CVE-2006-6803
SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.
CVSS Score
7.5
EPSS Score
0.007
Published
2006-12-28
CVE-2006-6804
SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2006-12-28
CVE-2006-6805
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVSS Score
7.5
EPSS Score
0.008
Published
2006-12-28
CVE-2006-6806
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVSS Score
7.5
EPSS Score
0.008
Published
2006-12-28
CVE-2006-6204
Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp.
CVSS Score
7.5
EPSS Score
0.014
Published
2006-12-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved