MidnightBSD

Advisories for quadcomm

CVE-2004-2108 HIGH

Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
quadcomm q-shop 2.0
quadcomm q-shop 2.5_beta
quadcomm q-shop 2.5
quadcomm q-shop 2.1
CVE-2004-2109 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
quadcomm q-shop 2.0
quadcomm q-shop 2.5_beta
quadcomm q-shop 2.5
quadcomm q-shop 2.1