GCVE - cpe:2.3:a:active_web_softwares:active_auction

Approved changes feed: RSS · Atom

cpe:2.3:a:active_web_softwares:active_auction_house:7.1:*:pro:*:*:*:*:*

part: a version: 7.1 update: *

Vendor	Active Web Softwares (`8302a14e-d0b6-5aeb-89a9-80467b996269`)
Product	Active Auction House (`86a7f382-62ab-51ae-9afc-7d790e8d458e`)
Edition	pro
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2007-1712`	vulnerable	2026-06-03 14:28:06.485512	Details available SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. Published: 2007-03-27T21:00:00.000Z Updated: 2024-08-07T13:06:26.095Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/3551 https://exchange.xforce.ibmcloud.com/vulnerabilities/33182 http://www.osvdb.org/34420 http://secunia.com/advisories/24626 http://www.vupen.com/english/advisories/2007/1097	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-1030`	vulnerable	2026-06-03 14:26:57.235436	Details available Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp. Published: 2005-04-09T04:00:00.000Z Updated: 2024-08-07T21:35:59.653Z Open on db.gcve.eu Reference links http://www.osvdb.org/15287 http://www.securityfocus.com/bid/13038 http://www.osvdb.org/15286 http://www.securityfocus.com/bid/13036 http://www.securityfocus.com/bid/13039	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-1029`	vulnerable	2026-06-03 14:26:57.234950	Details available Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp. Published: 2005-04-09T04:00:00.000Z Updated: 2024-08-07T21:35:59.955Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/13034 https://exchange.xforce.ibmcloud.com/vulnerabilities/19977 http://www.osvdb.org/15283 http://www.securitytracker.com/alerts/2005/Apr/1013649.html http://www.osvdb.org/15281	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Active Auction House

PURL mappings

Vulnerability references

Contribute