9 matches found
EUVD-2015-3500
Malware in sbrugna...
Magento Community Edition and Enterprise Edition Cross-Site Scripting Vulnerability
Magento is an open source PHP e-commerce system from Magento Inc. that provides rights management, search engine, and payment gateway.Magento Community Edition CE is a community edition.Magento Enterprise Edition EE is an enterprise edition. A cross-site scripting vulnerability exists in Magento ...
Session fixation
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503...
Magento Enterprise Edition and Magento Community Edition Information Disclosure Vulnerability
Magento is a professional open source PHP e-commerce system of the United States Magento company.Magento Enterprise Edition EE is an enterprise version.Magento Community Edition CE is a community edition. Magento EE 1.14.2.3 before the version and Magento CE 1.9.2.3 before the version of the...
CVE-2016-2212
The getOrderByStatusUrlKey function in the MageRssHelperOrder class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the orderid in a JSON object ...
Magento Community Edition and Enterprise Edition Directory Traversal Vulnerability
Magento is a professional open source PHP e-commerce system from Magento Inc. in the United States, which provides rights management, search engine and payment gateway, etc. Magento Community Edition CE is a community edition.Magento Enterprise Edition EE is an enterprise edition. A directory...
Magento Community Edition and Enterprise Edition SQL Injection Vulnerabilities
Magento is a professional open-source PHP e-commerce system from Magento, which provides rights management, search engine and payment gateway, etc. Magento Community Edition CE is a community edition.Magento Enterprise Edition EE is an enterprise edition. A SQL injection vulnerability exists in t...
Design/Logic Flaw
The fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...
CVE-2015-1399
PHP remote file inclusion vulnerability in the fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPa...