Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-1029
Last Modified 05 Sep 2008 04:48:01
Published 06 Apr 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1029

Summary

Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.

Vulnerable Systems

Application

  • Active Web Softwares Active Auction House 7.1


References

XF - aah-multiple-scripts-sql-injection(19977)

SECTRACK - 1013649

BID - 13035

BID - 13034

BID - 13032

SECUNIA - 14839

BUGTRAQ - 20050406 Active Auction House has multiple Sql injection, error and XSS

OSVDB - 15283

OSVDB - 15282

OSVDB - 15281


Last Updated: 27 May 2016 10:40:01