
1719 matches found

CERT
added 2012/10/30 12:0 a.m. | 35 views

TomatoCart with PayPal Express Checkout design flaw vulnerability

Overview: TomatoCart 1.1.7 with PayPal Express Checkout, and possibly other versions, contains a design flaw that may allow an attacker to purchase items for free or less than advertised. Description: It has been reported that TomatoCart 1.1.7 using the PayPal Express Checkout module in sandbox mod...

CVSS 3.5 | AI score 6.3 | EPSS 0.01333
Exploits: 0 | References: 2

0day.today
added 2012/10/21 12:0 a.m. | 33 views

WHMCS v4.5.2 Blind SQL Injection Vulnerability

WHMCS WHMCompleteSolution Affected versions: 4.5.x Software: WHMCS WHMCompleteSolution Google Dork: Turn on thinking mode :P Date: 10/22/2012 Author: Starware Security Team www.Resecure.me Contact Us :...

AI score 7.1
Exploits: 0

NVD
added 2012/08/14 10:55 p.m. | 20 views

CVE-2012-2299

The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database...

CVSS 2.1 | AI score 5.8 | EPSS 0.00523
Exploits: 1 | References: 9

Prion
added 2012/08/14 10:55 p.m. | 16 views

Information disclosure

The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database...

CVSS 2.1 | AI score 6.3 | EPSS 0.00523
Exploits: 1 | References: 9 | Affected Software: 1

ThreatPost
added 2012/05/18 12:16 a.m. | 12 views

New P2P Zeus Variant Targets Popular Sites with Bogus Offers

Facebook, Gmail, Yahoo and Hotmail users should beware of rogue rebate offers and new secure payment options aimed at getting them to part with their debit card information. Earlier this week Amit Klein, CTO of Trusteer, announced the discovery of a peer-to-peer variant of the Zeus platform that...

AI score 0.9
Exploits: 0 | References: 1

exploitpack
added 2012/05/01 12:0 a.m. | 21 views

WordPress Plugin Zingiri Web Shop 2.4.2 - Persistent Cross-Site Scripting

WordPress Plugin Zingiri Web Shop 2.4.2 - Persistent Cross-Site Scripting Wordpress Zingiri Web Shop Plugin = 2.4.2 Stored XSS Exploit Title: Wordpress Zingiri Web Shop Plugin = 2.4.0 Stored XSS Google Dork: Date: 30 Apr 2012 Author: Mehmet Ince Twitter: https://twitter.com/!/mmetince Company:...

AI score 6.7
Exploits: 0

exploitpack
added 2012/04/26 12:0 a.m. | 15 views

WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities

WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities Wordpress Zingiri Web Shop Plugin '; Exploit: http://localhost/wordpress/?page=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 'page' variable isn't properly sanitized before being used. STORED XSS P...

AI score 6.9
Exploits: 0

Exploit DB
added 2012/04/26 12:0 a.m. | 29 views

WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities

Wordpress Zingiri Web Shop Plugin '; Exploit: http://localhost/wordpress/?page=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 'page' variable isn't properly sanitized before being used. STORED XSS PS: Attacker should be logged for exploit. ./fws/pages-front/onecheckout.php line 27-29 i...

AI score 7.4
Exploits: 0

ATTACKERKB
added 2012/03/19 6:55 p.m. | 0 views

CVE-2011-5082

Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field)...

CVSS 4.3 | AI score 5.8 | EPSS 0.01959
Exploits: 0 | References: 5

0day.today
added 2011/09/13 12:0 a.m. | 26 views

WordPress WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress WP e-Commerce plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0%23&cs3=123f7bcd4ba53fade05886a7e77bf045&transactiontype=rebill e.g. !/bin/bash payload="-1 AND...

AI score 7.1
Exploits: 0

ATTACKERKB
added 2011/03/22 5:55 p.m. | 2 views

CVE-2009-5059

Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J...

CVSS 3.5 | AI score 5.6 | EPSS 0.00785
Exploits: 0 | References: 2

RedHat Linux
added 2011/02/15 7:13 p.m. | 7 views

Subversion: Access restriction bypass by checkout of the root of the repository

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass...

CVSS 6 | AI score 6.7 | EPSS 0.04216
Exploits: 0 | References: 4

xssed
added 2010/10/07 12:0 a.m. | 12 views

Unfixed XSS vulnerability at www.emagic.co.uk

Security researcher nullbyt3 has submitted on 10/07/2010 a cross-site-scripting (XSS) vulnerability affecting www.emagic.co.uk, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/12/2011. It is currently...

AI score 6.6
Exploits: 0 | References: 1

Packet Storm
added 2010/10/01 12:0 a.m. | 19 views

jCart 1.1 Cross Site Request Forgery / Cross Site Scripting

additem$itemid, $itemqty, $itemprice, $itemname; ------------------------- User-supplied input for variable $itemname isn't properly escaped. Proof-of-Concept: -- alertdocument.cookie" type="hidden" document.getElementById'payload'.click...

AI score 0.4
Exploits: 0

Exploit DB
added 2010/06/06 12:0 a.m. | 49 views

iScripts eSwap 2.0 - SQL Injection / Cross-Site Scripting

Title: iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects Published: 2010-06-05 price: $99.95 email: [email protected] vendor: iScripts url: http://www.iscripts.com/eswap/ google dork: Powered by iScripts eSwap. ...

AI score 7
Exploits: 0

0day.today
added 2010/06/06 12:0 a.m. | 31 views

iScripts eSwap v2.0 XSS / SQL Injection Vulnerability

Exploit for php platform in category web applications. iScripts eSwap v2.0 XSS / SQL Injection Vulnerability. Title: iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects...

AI score 7.1
Exploits: 0

exploitpack
added 2010/06/06 12:0 a.m. | 25 views

iScripts eSwap 2.0 - SQL Injection Cross-Site Scripting

iScripts eSwap 2.0 - SQL Injection Cross-Site Scripting Title: iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects Published: 2010-06-05 price: $99.95 email: [email protected] vendor: iScripts url: http://www.iscripts.com/eswap/ google dork: Powered by iScripts eSwap. ...

AI score 0.7
Exploits: 0

exploitpack
added 2010/05/01 12:0 a.m. | 29 views

Comersus 8 Shopping Cart - SQL Injection Cross-Site Request Forgery

Comersus 8 Shopping Cart - SQL Injection Cross-Site Request Forgery Exploit Title:SQL Injection and CSRF Vulnerability in Comersus 8 Shopping Cart Version: Web Application vendor :http://www.comersus.com/index.html Date: 1 apr,2010 Author:Sid3^effects Code :...

AI score 0.6
Exploits: 0

NVD
added 2010/04/20 2:30 p.m. | 25 views

CVE-2009-4772

Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors...

CVSS 4.3 | AI score 6 | EPSS 0.00946
Exploits: 0 | References: 5

Exploit DB
added 2009/12/29 12:0 a.m. | 38 views

QuickEStore 7.9 - SQL Injection / Full Path Disclosure Download

Title: QuickEStore v.7.9 SQLInjection and Path Diclosure Download Vulnerability Author: indoushka email: [email protected] Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria...

AI score 7.4
Exploits: 0