MidnightBSD

Advisories for usanet_creations

CVE-2002-0257 HIGH

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.19
apache http_server 1.3.20
apache http_server 1.3.22
apache http_server 1.3.17
usanet_creations makebid_auction_deluxe 3.30
apache http_server 1.3.18
CVE-2005-2259 HIGH

The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
usanet_creations makebid_auction_deluxe *
usanet_creations makebid_auction_standard *
usanet_creations makebid_reverse_auction *
usanet_creations usanet_shopping_mall *
usanet_creations makebid_auction_deluxe 3.30
usanet_creations domain_name_auction *
usanet_creations standard_classified_ads *