CVE-2005-1029 - SQL Injection vulnerability in Active web Softwares Active Auction House 7.1
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | CGI abuses |
NASL id | ACTIVE_AUCTION_SQL.NASL |
description | The remote host is running Active Auction, an auction software written in ASP. The remote version of this software is affected by various SQL injection and cross-site scripting issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17989 |
published | 2005-04-07 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17989 |
title | Active Auction Multiple Vulnerabilities (SQLi, XSS) |
References
- http://digitalparadox.org/advisories/aass.txt
- http://marc.info/?l=bugtraq&m=111280834000432&w=2
- http://secunia.com/advisories/14839
- http://www.osvdb.org/15281
- http://www.osvdb.org/15282
- http://www.osvdb.org/15283
- http://www.securityfocus.com/bid/13032
- http://www.securityfocus.com/bid/13034
- http://www.securityfocus.com/bid/13035
- http://www.securitytracker.com/alerts/2005/Apr/1013649.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19977