Vulnerabilities > Metalinks

DATE CVE VULNERABILITY TITLE RISK
2009-02-04 CVE-2008-6051 Permissions, Privileges, and Access Controls vulnerability in Metalinks Metacart
MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request.
network
low complexity
metalinks CWE-264
5.0
2005-05-16 CVE-2005-1622 Unspecified vulnerability in Metalinks Metacart E-Shop
Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter.
network
metalinks
4.3
2005-05-02 CVE-2005-1364 Remote SQL Injection vulnerability in MetaBid Auctions intAuctionID Parameter
Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp.
network
low complexity
metalinks
7.5
2005-05-02 CVE-2005-1363 SQL-Injection vulnerability in Metalinks Metacart2 Payflowlink
Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow allow remote attackers to execute arbitrary commands via (1) intCatalogID, (2) strSubCatalogID, or (3) strSubCatalog_NAME parameter to productsByCategory.asp, (4) curCatalogID, (5) strSubCatalog_NAME, (6) intCatalogID, or (7) page parameter to productsByCategory.asp or (8) intProdID parameter to product.asp.
network
low complexity
metalinks
7.5
2005-05-02 CVE-2005-1362 SQL-Injection vulnerability in Metalinks Metacart2 Paypal
Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText, (6) chkPrice, (7) intPrice, (8) chkCat, or (9) strCat parameters to searchAction.asp.
network
low complexity
metalinks
7.5
2005-05-02 CVE-2005-1361 Remote SQL Injection vulnerability in Metalinks Metacart E-Shop 8.0
Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp.
network
low complexity
metalinks
7.5
2002-10-04 CVE-2002-0943 Information Disclosure vulnerability in Metacart2.Sql
MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb.
network
low complexity
metalinks
6.4