VYPR
Vendor

Metalinks

Products
9
CVEs
14
Across products
18
Status
Private

Products

9

Recent CVEs

14
  • CVE-2002-1432Apr 11, 2003
    risk 0.04cvss epss 0.08

    MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.

  • CVE-2006-6831Dec 31, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter.

  • CVE-2006-6111Nov 26, 2006
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873.

  • CVE-2005-4064Dec 7, 2005
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp.

  • CVE-2004-1873Dec 31, 2004
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.

  • CVE-2008-6051Feb 4, 2009
    risk 0.00cvss epss 0.01

    MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request.

  • CVE-2006-2948Jun 12, 2006
    risk 0.00cvss epss 0.01

    A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information.

  • CVE-2005-1622May 16, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter.

  • CVE-2005-1361May 2, 2005
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp.

  • CVE-2005-1362May 2, 2005
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText, (6)…

  • CVE-2005-1363May 2, 2005
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow allow remote attackers to execute arbitrary commands via (1) intCatalogID, (2) strSubCatalogID, or (3) strSubCatalog_NAME parameter to productsByCategory.asp, (4) curCatalogID, (5) strSubCatalog_NAME, (6)…

  • CVE-2005-1364May 2, 2005
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp.

  • CVE-2004-1874Mar 29, 2004
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms.

  • CVE-2002-0943Oct 4, 2002
    risk 0.00cvss epss 0.01

    MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb.