Vulnerabilities > AJ Square

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2009-08-13 | CVE-2008-6966 | Permissions, Privileges, and Access Controls vulnerability in AJ Square AJ Auction 1.0 | AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php. | network | low | aj-square | CWE-264 | 7.5 |
| 2009-08-13 | CVE-2008-6965 | Improper Authentication vulnerability in AJ Square AJ Auction 1.0/2.0/Web2.0 | AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors. | network | low | aj-square | CWE-287 | 7.5 |
| 2009-03-06 | CVE-2008-6414 | SQL Injection vulnerability in AJ Square AJ Auction 2.0 | SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | network | low | aj-square | CWE-89 | 7.5 |
| 2009-01-28 | CVE-2008-6004 | Cross-Site Scripting vulnerability in AJ Square AJ Auction 2.0 | Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter. | network | | aj-square | CWE-79 | 4.3 |
| 2009-01-28 | CVE-2008-6003 | SQL Injection vulnerability in AJ Square AJ Auction 2.0 | SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter. | network | low | aj-square | CWE-89 | 7.5 |
| 2008-11-24 | CVE-2008-5216 | SQL Injection vulnerability in AJ Square Zeuscart | SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | network | low | aj-square | CWE-89 | 7.5 |
| 2008-11-24 | CVE-2008-5213 | SQL Injection vulnerability in AJ Square AJ Article 1.0 | SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action. | network | low | aj-square | CWE-89 | 7.5 |
| 2008-11-24 | CVE-2008-5212 | SQL Injection vulnerability in AJ Square AJ Auction 1.0/Web2.0 | SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | network | low | aj-square | CWE-89 | 7.5 |
| 2008-09-11 | CVE-2008-4044 | SQL Injection vulnerability in AJ Square AJ Hyip Acme | SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter. | network | low | aj-square | CWE-89 | 7.5 |
| 2008-09-11 | CVE-2008-4043 | SQL Injection vulnerability in AJ Square AJ Hyip Acme | Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php. | network | low | aj-square | CWE-89 | 7.5 |