All the vulnerabilites related to usanet_creations - makebid_auction_deluxe
Vulnerability from fkie_nvd
Published
2002-05-29 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | 1.3.17 | |
| apache | http_server | 1.3.18 | |
| apache | http_server | 1.3.19 | |
| apache | http_server | 1.3.20 | |
| apache | http_server | 1.3.22 | |
| usanet_creations | makebid_auction_deluxe | 3.30 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0A80B17D-FD66-40BD-9ADC-FE7A3944A696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "713ADED4-CBE5-40C3-A128-99CFABF24560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "70FA0B8E-1A90-4939-871A-38B9E93BCCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "83BDEAE5-29B9-48E3-93FA-F30832044C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A2720E06-1B0E-4BFE-8C85-A17E597BB151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usanet_creations:makebid_auction_deluxe:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AE346F-60CA-4B6F-A627-423FBF555460",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4."
},
{
"lang": "es",
"value": "Vulnerabilidad de comandos en sitios cruzados en auction.pl de MakeBid Auction Deluxe 3.30 permite que atacantes remotos obtengan informaci\u00f3n de otros usuarios por medio de los campos de formulario (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, o (13) PHONE4."
}
],
"id": "CVE-2002-0257",
"lastModified": "2024-11-20T23:38:40.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-05-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101328880521775\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8161.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101328880521775\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8161.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4069"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-13 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usanet_creations:domain_name_auction:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D77AED-73EF-4375-B1C0-E80502B86563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usanet_creations:makebid_auction_deluxe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A720DA2C-10D8-467A-B375-665CFFC4198F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usanet_creations:makebid_auction_deluxe:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AE346F-60CA-4B6F-A627-423FBF555460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usanet_creations:makebid_auction_standard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B040E0-C50A-419F-9DB4-E1D9467EEAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usanet_creations:makebid_reverse_auction:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55B80B42-B16A-4DDF-B871-B687B1F26CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usanet_creations:standard_classified_ads:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18BAEB16-830A-4E2C-B4E3-F27F3BFA66C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usanet_creations:usanet_shopping_mall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8002F5A8-7CAC-4BEA-AFE4-0E4A2E786068",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter."
}
],
"id": "CVE-2005-2259",
"lastModified": "2024-11-20T23:59:09.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-13T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/15985"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014411"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14179"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2005-2259
Vulnerability from cvelistv5
Published
2005-07-13 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/14179 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/15985 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1014411 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:47.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14179",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14179"
},
{
"name": "15985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15985"
},
{
"name": "1014411",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14179",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14179"
},
{
"name": "15985",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15985"
},
{
"name": "1014411",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014411"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14179"
},
{
"name": "15985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15985"
},
{
"name": "1014411",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2259",
"datePublished": "2005-07-13T04:00:00",
"dateReserved": "2005-07-13T00:00:00",
"dateUpdated": "2024-08-07T22:22:47.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0257
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.netcreations.addr.com/dcforum/DCForumID2/126.html | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=101328880521775&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/8161.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4069 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:28.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html"
},
{
"name": "20020209 Account theft vulnerability in MakeBid Auction Deluxe 3.30",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101328880521775\u0026w=2"
},
{
"name": "makebid-description-css(8161)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8161.php"
},
{
"name": "4069",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html"
},
{
"name": "20020209 Account theft vulnerability in MakeBid Auction Deluxe 3.30",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101328880521775\u0026w=2"
},
{
"name": "makebid-description-css(8161)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8161.php"
},
{
"name": "4069",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html",
"refsource": "CONFIRM",
"url": "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html"
},
{
"name": "20020209 Account theft vulnerability in MakeBid Auction Deluxe 3.30",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101328880521775\u0026w=2"
},
{
"name": "makebid-description-css(8161)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8161.php"
},
{
"name": "4069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0257",
"datePublished": "2002-05-03T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T02:42:28.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}