34 matches found
CVE-2005-1487
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the 1 cartid parameter to upstnt.php or 2 psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is...
CVE-2005-1487
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the 1 cartid parameter to upstnt.php or 2 psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is...
CVE-2005-1486
FishCart 3.1 is affected by multiple vulnerabilities. The primary CVE (CVE-2005-1486) describes cross-site scripting via the following parameters: trackingnum, reqagree, or m in upstracking.php, and nlst in display.php. OpenVAS data also indicates SQL injection vulnerabilities in FishCart that co...
CVE-2005-1486
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 trackingnum, 2 reqagree, or 3 m parameter to upstracking.php or 4 nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported...
CVE-2005-1486
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 trackingnum, 2 reqagree, or 3 m parameter to upstracking.php or 4 nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported...
PT-2005-2483 · Fishcart · Fishcart
Name of the Vulnerable Software and Affected Versions: FishCart version 3.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the cartid parameter to 'upstnt.php' or the psku parameter to 'display.php'. The vendor disputes this report,...
FishCart 3.1 - upstnt.php?cartid SQL Injection
FishCart 3.1 - upstnt.php?cartid SQL Injection source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit of the SQL-injectio...
[SA15232] FishCart Cross-Site Scripting and SQL Injection Vulnerabilities
---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: FishCart Cross-Site Scripting and SQL Injection...
FishCart 3.1 - 'upstnt.php?cartid' SQL Injection
source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit of the SQL-injection issues could allow an attacker to compromise...
FishCart 3.1 - 'display.php?psku' SQL Injection
source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit of the SQL-injection issues could allow an attacker to compromise...
CVE-2004-0062
Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity...
FishCart Integer Overflow / Rounding Error
FishCartR is a popular full-featured multi-language open source e-commerce system. It is written in PHP4 and works with a variety of database engines. It has been in production for 6 years and is in active use in a number of countries. FishCart has developers in the US and western Europe. On 8...
CVE-2004-0062
Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity...
CVE-2004-0062
The CVE-2004-0062 entry concerns FishCart prior to 3.1, where an integer overflow in the rnd arithmetic rounding function can be triggered by an order with a large quantity, enabling remote attackers to cause negative totals. Affected software: FishCart (versions before 3.1). Root cause: integer ...