24 matches found
EUVD-2008-0729
Malware in sbrugna...
PT-2025-30585 · Unknown · Oscommerce Online Merchant
Name of the Vulnerable Software and Affected Versions: osCommerce Online Merchant version 2.3.4.1. Description: A remote code execution issue exists due to insecure default configuration and missing authentication in the installer workflow. The /install/ directory remains accessible after...
osCommerce Online Merchant Security Vulnerability
osCommerce Online Merchant is an e-commerce platform from osCommerce Open Source. A security vulnerability exists in osCommerce Online Merchant version 2.3.4.1, which stems from an insecure default configuration that could lead to remote code execution...
osCommerce 2.3.4.1 - currency SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: osCommerce 2.3.4.1 - 'currency' SQL Vulnerabilities; Exploit Author: Mehmet EMIROGLU; Vendor Homepage: https://www.oscommerce.com; Software Link: https://www.oscommerce.com/Products; Version: 2.3.4.1; Category: Webapps; Tested on: Wam...
How to Shop Online Like a Security Pro
'Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here's a quick refresher course on how to make it through the next few weeks without getting snookered...
OsCommerce Cross-Site Request Forgery Administrator Deletion
A Cross-Site Request Forgery vulnerability has been reported in OsCommerce Online Merchant platform. Successful exploitation of this vulnerability would allow remote attackers to delete administrator users from the affected system...
CVE-2014-10033
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action...
CVE-2014-10033
The CVE-2014-10033 entry describes an SQL injection in the update_zone function of osCommerce Online Merchant 2.3.3.4 and earlier. The vulnerability exists in catalog/admin/geo_zones.php, where remote administrators can trigger arbitrary SQL execution via the zID parameter in a list action. The i...
Oscommerce Online Merchant 2.2 - Remote File Upload
No description provided by source...
Code injection
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self...
CVE-2012-1792
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, whi...
Cross site scripting
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, whi...
CVE-2012-1792
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, whi...
CVE-2012-1792
OSCommerce Online Merchant 3.0.2 has a documented XSS vulnerability in the installer path: DBCheck.php during installation, where the name parameter to oscommerce/index.php is not properly sanitized in an error message, allowing injection of arbitrary script/HTML. The root cause is improper handl...
JVN#38216398: osCommerce vulnerable to directory traversal
osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability. Impact: A remote attacker may access arbitrary files on the server. Solution: Update the software. Update to the latest version according to the information provided by the...
osCommerce Online Merchant v2.2 Release Candidate 2a XSS/HTML Vuln
Exploit for php platform in category web applications. osCommerce Online Merchant v2.2 Release Candidate 2a XSS/HTML Injection...
osCommerce Online Merchant <= 2.2 'file_manager.php' Remote Arbitrary File Upload Vulnerability
Online Merchant module for osCommerce is prone to a remote arbitrary-file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...
osCommerce Online Merchant 2.2 - Arbitrary File Upload
osCommerce Online Merchant 2.2 - Arbitrary File Upload. DEFACEMENT...
Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass
Exploit for php platform in category web applications. Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass. Author: Flyff666; Date: May, 30, 2010; Location:...
OSCommerce Online Merchant 2.2 Bypass / File Disclosure
Oscommerce Online Merchant v2.2 File Disclosure And Admin ByPass. Author: Flyff666; Date: May, 30, 2010; Location: Tangerang, Indonesia; Time Zone: GMT +7:00; Software: OsCommerce Online Merchant v2.2; Tested...