This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cactusoft
Product Cactushop
Version 5.0
First view 2004-12-31
Last view 2007-06-05
Type Application
Update *  
Edition *  
Language *  
Software Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:cactusoft:cactushop

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2007-06-05 CVE-2007-3061

Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.

4.3 2004-12-31 CVE-2004-1882

Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.

7.5 2004-12-31 CVE-2004-1881

SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-255 Credentials Management

Open Source Vulnerability Database (OSVDB)

id Description
42053 Cactusoft CactuShop cactushop5.mdb Direct Request Database Disclosure
42052 Cactusoft CactuShop cactushop6.mdb Direct Request Database Disclosure
4787 Cactusoft CactuShop popuplargeimage.asp strImageTag Parameter XSS
4786 Cactusoft CactuShop mailorder.asp strItems Parameter SQL Injection
4785 Cactusoft CactuShop payonline.asp strItems Parameter SQL Injection

OpenVAS Exploits

id Description
2005-11-03 Name : CactuShop XSS and SQL injection flaws
File : nvt/cactuShop_multiple_flaws.nasl

Nessus® Vulnerability Scanner

id Description
2004-10-12 Name: The remote web server contains an ASP application that is affected by multipl...
File: cactuShop_multiple_flaws.nasl - Type: ACT_GATHER_INFO