EUVD-2008-3756
Malware in sbrugna...
Freeway 1.4.1.171 - french/account_newsletters.php language Parameter Traversal Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30731/info Freeway is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to view...
CVE-2008-3841
Technical details about CVE-2008-3841 are not publicly available in the provided connected documents. The initial description notes an XSS in Freeway eCommerce 1.4.1.171, but no vendor/versions/impact/fix are elaborated here. Monitor for updates.
Remote file inclusion
PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter...
Directory traversal
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/eventsapplicationtop.php; (2) english/account.php, (3) french/account.php, a...
CVE-2008-3769
PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter...
CVE-2008-3769
CVE-2008-3769 describes a PHP remote file inclusion vulnerability in Freeway 1.4.1.171, specifically in admin/create_order_new.php. When register_globals is enabled, an attacker can supply a URL in the include_page parameter to cause the application to include remote PHP code, enabling arbitrary ...
DSECRG-08-036.txt
Digital Security Research Group DSecRG Advisory DSECRG-08-036 Application: Freeway eCommerce Versions Affected: 1.4.1.171 Vendor URL: http://www.openfreeway.org/ Bugs: RFI, Multiple LFI, XSS Exploits: YES Reported: 27.06.2008 Second report: 04.07.2008 Vendor response: 06.07.2008 Solution: YES Dat...
[DSECRG-08-036] Multiple Security Vulnerabilities in Freeway eCommerce 1.4.1.171
Digital Security Research Group DSecRG Advisory DSECRG-08-036 Application: Freeway eCommerce Versions Affected: 1.4.1.171 Vendor URL: http://www.openfreeway.org/ Bugs: RFI, Multiple LFI, XSS Exploits: YES Reported: 27.06.2008 Second report: 04.07.2008 Vendor response: 06.07.2008 Solution: YES Dat...
Freeway 1.4.1.171 - includesmodulesnewsdesknewsdesk_article_require.php?language Traversal Local File Inclusion
Freeway 1.4.1.171 - includesmodulesnewsdesknewsdesk_article_require.php?language Traversal Local File Inclusion source: https://www.securityfocus.com/bid/30731/info Freeway is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker...
Freeway 1.4.1.171 - '/templates/Freeway/boxes/card1.php?language' Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/30731/info Freeway is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to view local files in the context of the...