EUVD-2014-9564

Malware in sbrugna...

PT-2024-17235 · WordPress · Wp Geonames

Name of the Vulnerable Software and Affected Versions: WP GeoNames plugin for WordPress versions up to, and including, 1.9.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode due to insufficient input sanitization and output escaping on...

Magento E-Commerce Platform Cross-Site Scripting Vulnerability

Magento E-Commerce Platform is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . A cross-site scripting vulnerability exists in Magento E-Commerce Platform version 1.9.0.1. ...

CVE-2014-9758

CVE-2014-9758 is a cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. Affected component: Magento 1.9.0.1 web application. Root cause: XSS in the platform. Impact per sources: Confidentiality LOW, Integrity LOW, Availability NONE (CVSS3.1); Attack vector NETWORK, Use...

Magento CE Remote Command Execution

!/usr/bin/python Exploit Title: Magento CE \nExample: python %s http://localhost "uname -a"" sys.exit if lensys.argv != 3: usage Command-line args target = sys.argv1 arg = sys.argv2 Config. username = '' password = '' phpfunction = 'system' Note: we can only pass 1 argument to the function...

Magento XSS Vulnerability

Magento is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user supplied input. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...