Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
Max CVSS: 6.8; EPSS Score: 0.50%; Published: 2007-01-13; Updated: 2017-10-19
SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.
Max CVSS: 7.5; EPSS Score: 0.31%; Published: 2007-01-13; Updated: 2017-10-19
SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Max CVSS: 7.5; EPSS Score: 0.67%; Published: 2006-05-09; Updated: 2017-10-19
Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
Max CVSS: 4.3; EPSS Score: 0.59%; Published: 2005-11-19; Updated: 2011-03-08
SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp.
Max CVSS: 7.5; EPSS Score: 0.27%; Published: 2004-12-31; Updated: 2017-07-11
Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.
Max CVSS: 7.5; EPSS Score: 0.19%; Published: 2004-12-31; Updated: 2017-07-11
The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors.
Max CVSS: 4.3; EPSS Score: 0.48%; Published: 2004-12-31; Updated: 2017-07-11
shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption).
Max CVSS: 5.0; EPSS Score: 1.82%; Published: 2004-12-31; Updated: 2017-07-11
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
Max CVSS: 10.0; EPSS Score: 0.15%; Published: 2003-08-18; Updated: 2016-10-18
SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields.
Max CVSS: 7.5; EPSS Score: 0.35%; Published: 2002-12-31; Updated: 2009-04-11
10 vulnerabilities found