Enthrallweb vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2009-01-22 | CVE-2009-0252 | SQL Injection vulnerability in Enthrallweb Ereservations | 7.5
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field).
network, low complexity, enthrallweb, CWE-89

2006-12-29 | CVE-2006-6822 | Products Myprofile.ASP Arbitrary User Password Change vulnerability in EnthrallWeb | 3.5
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
network, enthrallweb

2006-12-29 | CVE-2006-6821 | Products Myprofile.ASP Arbitrary User Password Change vulnerability in EnthrallWeb | 3.5
myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
network, enthrallweb

2006-12-29 | CVE-2006-6820 | Products Myprofile.ASP Arbitrary User Password Change vulnerability in EnthrallWeb | 3.5
myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
network, enthrallweb

2006-12-28 | CVE-2006-6806 | SQL-Injection vulnerability in Enthrallweb Emates 1.0 | 7.5
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network, low complexity, enthrallweb

2006-12-28 | CVE-2006-6805 | SQL-Injection vulnerability in eJobs | 7.5
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network, low complexity, enthrallweb

2006-12-28 | CVE-2006-6804 | SQL Injection vulnerability in Dragon Business Directory Bus_Details.ASP | 7.5
SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network, low complexity, enthrallweb

2006-12-28 | CVE-2006-6803 | SQL Injection vulnerability in Enthrallweb Ecars 1.0 | 7.5
SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.
network, low complexity, enthrallweb

2006-12-28 | CVE-2006-6802 | SQL Injection vulnerability in Enthrallweb ePages Actualpic.ASP | 7.5
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
network, low complexity, enthrallweb

2006-12-01 | CVE-2006-6208 | SQL Injection vulnerability in Enthrallweb EClassifieds | 7.5
Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds allow remote attackers to execute arbitrary SQL commands via the (1) AD_ID, (2) cat_id, (3) sub_id, and (4) ad_id parameters to (a) ad.asp, the (5) cid parameter to (b) dircat.asp, and the (6) sid parameter to (c) dirSub.asp.
network, low complexity, enthrallweb