CVE-2005-0935
published 2005-05-02CVE-2005-0935: Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to…
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.33%
67.6th percentile
Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| esmi | paypal_storefront | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
exploitdb·2005-07-05
CVE-2005-2087 Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
Microsoft Internet Explorer - 'javaprxy.dll' COM Object Remote Overflow
---
# Bindshell on port 28876 - Based on Berend-Jan Wever's IE exploit
# 01 July 2005
#
# Description - http://www.frsirt.com/english/advisories/2005/0935
# Workarounds - http://www.microsoft.com/technet/security/advisory/903144.mspx
# sec-consult - http://www.sec-consult.com/184.html
#
# Solution :
# Set Internet and Local intranet security zone settings to "High" or use
# another browser until a patch is released.
#
# Tested on :
# Internet Explorer 6 on Microsoft Windows XP SP2
# Internet Explorer 6 on Microsoft Windows XP SP1
#
# Affected versions :
# Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3
# Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
# I
Exploit-DB
ESMI PayPal StoreFront 1.7 - 'products1.php?id2' SQL Injection
exploitdb·2005-03-26
CVE-2005-0935 ESMI PayPal StoreFront 1.7 - 'products1.php?id2' SQL Injection
ESMI PayPal StoreFront 1.7 - 'products1.php?id2' SQL Injection
---
source: https://www.securityfocus.com/bid/12903/info
ESMI PayPal Storefront is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in as SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/hv/ecdis/products1.php?id=6&id2='SQLINJECTION&subcat=Asus&p=products1
Exploit-DB
ESMI PayPal StoreFront 1.7 - 'pages.php?idpages' SQL Injection
exploitdb·2005-03-26
CVE-2005-0935 ESMI PayPal StoreFront 1.7 - 'pages.php?idpages' SQL Injection
ESMI PayPal StoreFront 1.7 - 'pages.php?idpages' SQL Injection
---
source: https://www.securityfocus.com/bid/12903/info
ESMI PayPal Storefront is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in as SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/hv/ecdis/pages.php?idpages='SQLINJECTION
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111221890614271&w=2http://secunia.com/advisories/14711http://securitytracker.com/id?1013563http://www.hackerscenter.com/Archive/view.asp?id=1774http://www.osvdb.org/15057http://www.osvdb.org/15058http://www.securityfocus.com/bid/12903http://marc.info/?l=bugtraq&m=111221890614271&w=2http://secunia.com/advisories/14711http://securitytracker.com/id?1013563http://www.hackerscenter.com/Archive/view.asp?id=1774http://www.osvdb.org/15057http://www.osvdb.org/15058http://www.securityfocus.com/bid/12903
2005-05-02
Published