Shodan
Vulnerabilities
Vulnerable Software
Metalinks:  Security Vulnerabilities
CVE-2008-6051
MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request.
CVSS Score
5.0
EPSS Score
0.002
Published
2009-02-04
CVE-2005-1622
Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-05-16
CVE-2005-1361
Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-05-02
CVE-2005-1362
Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText, (6) chkPrice, (7) intPrice, (8) chkCat, or (9) strCat parameters to searchAction.asp.
CVSS Score
7.5
EPSS Score
0.004
Published
2005-05-02
CVE-2005-1363
Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow allow remote attackers to execute arbitrary commands via (1) intCatalogID, (2) strSubCatalogID, or (3) strSubCatalog_NAME parameter to productsByCategory.asp, (4) curCatalogID, (5) strSubCatalog_NAME, (6) intCatalogID, or (7) page parameter to productsByCategory.asp or (8) intProdID parameter to product.asp.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-05-02
CVE-2005-1364
Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp.
CVSS Score
7.5
EPSS Score
0.01
Published
2005-05-02
CVE-2002-0943
MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb.
CVSS Score
6.4
EPSS Score
0.004
Published
2002-10-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved