1719 matches found
TomatoCart with PayPal Express Checkout design flaw vulnerability
Overview: TomatoCart 1.1.7 with PayPal Express Checkout, and possibly other versions, contains a design flaw that may allow an attacker to purchase items for free or less than advertised. Description: It has been reported that TomatoCart 1.1.7 using the PayPal Express Checkout module in sandbox mod...
WHMCS v4.5.2 Blind SQL Injection Vulnerability
WHMCS WHMCompleteSolution Affected versions: 4.5.x Software: WHMCS WHMCompleteSolution Google Dork: Turn on thinking mode :P Date: 10/22/2012 Author: Starware Security Team www.Resecure.me Contact Us :...
CVE-2012-2299
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database...
Information disclosure
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database...
New P2P Zeus Variant Targets Popular Sites with Bogus Offers
Facebook, Gmail, Yahoo and Hotmail users should beware of rogue rebate offers and new secure payment options aimed at getting them to part with their debit card information. Earlier this week Amit Klein, CTO of Trusteer, announced the discovery of a peer-to-peer variant of the Zeus platform that...
WordPress Plugin Zingiri Web Shop 2.4.2 - Persistent Cross-Site Scripting
Wordpress Zingiri Web Shop Plugin = 2.4.2 Stored XSS Exploit Title: Wordpress Zingiri Web Shop Plugin = 2.4.0 Stored XSS Google Dork: Date: 30 Apr 2012 Author: Mehmet Ince Twitter: https://twitter.com/!/mmetince Company:...
WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Zingiri Web Shop Plugin '; Exploit: http://localhost/wordpress/?page=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 'page' variable isn't properly sanitized before being used. STORED XSS P...
WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Zingiri Web Shop Plugin '; Exploit: http://localhost/wordpress/?page=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 'page' variable isn't properly sanitized before being used. STORED XSS PS: Attacker should be logged for exploit. ./fws/pages-front/onecheckout.php line 27-29 i...
CVE-2011-5082
Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field)...
WordPress WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress WP e-Commerce plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0%23&cs3=123f7bcd4ba53fade05886a7e77bf045&transactiontype=rebill e.g. !/bin/bash payload="-1 AND...
CVE-2009-5059
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J...
Subversion: Access restriction bypass by checkout of the root of the repository
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass...
Unfixed XSS vulnerability at www.emagic.co.uk
Security researcher nullbyt3 submitted on 10/07/2010 a cross-site scripting (XSS) vulnerability affecting www.emagic.co.uk, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/12/2011. It is currently...
jCart 1.1 Cross Site Request Forgery / Cross Site Scripting
additem$itemid, $itemqty, $itemprice, $itemname; ------------------------- User-supplied input for variable $itemname isn't properly escaped. Proof-of-Concept: -- alertdocument.cookie" type="hidden" document.getElementById'payload'.click...
iScripts eSwap 2.0 - SQL Injection / Cross-Site Scripting
Title: iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects Published: 2010-06-05 price: $99.95 email: [email protected] vendor: iScripts url: http://www.iscripts.com/eswap/ google dork: Powered by iScripts eSwap...
iScripts eSwap v2.0 XSS / SQL Injection Vulnerability
Exploit for php platform in category web applications. iScripts eSwap v2.0 XSS / SQL Injection Vulnerability Title: iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects...
iScripts eSwap 2.0 - SQL Injection Cross-Site Scripting
Title: iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects Published: 2010-06-05 price: $99.95 email: [email protected] vendor: iScripts url: http://www.iscripts.com/eswap/ google dork: Powered by iScripts eSwap...
Comersus 8 Shopping Cart - SQL Injection Cross-Site Request Forgery
Exploit Title: SQL Injection and CSRF Vulnerability in Comersus 8 Shopping Cart Version: Web Application vendor: http://www.comersus.com/index.html Date: 1 apr,2010 Author: Sid3^effects Code :...
CVE-2009-4772
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors...
QuickEStore 7.9 - SQL Injection / Full Path Disclosure Download
Title: QuickEStore v.7.9 SQLInjection and Path Disclosure Download Vulnerability Author: indoushka email: [email protected] Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria...