MidnightBSD

Advisories for oneworldstore

CVE-2005-1161 HIGH

Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oneworldstore oneworldstore *
CVE-2005-1162 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oneworldstore oneworldstore *
CVE-2005-1328 MEDIUM

OneWorldStore allows remote attackers to cause a denial of service (application crash) via a direct request to owConnections/chksettings.asp.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oneworldstore oneworldstore free
oneworldstore oneworldstore business
oneworldstore oneworldstore soho
oneworldstore oneworldstore basic
oneworldstore oneworldstore enterprise
CVE-2005-1329 MEDIUM

owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oneworldstore oneworldstore free
oneworldstore oneworldstore business
oneworldstore oneworldstore soho
oneworldstore oneworldstore basic
oneworldstore oneworldstore enterprise