
24 matches found

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2008-0729

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.02883 EPSS
Exploits 1 · References 4
Positive Technologies
added 2025/07/23 12:0 a.m. · 5 views

PT-2025-30585 · Unknown · Oscommerce Online Merchant

Name of the Vulnerable Software and Affected Versions: osCommerce Online Merchant version 2.3.4.1. Description: A remote code execution issue exists due to insecure default configuration and missing authentication in the installer workflow. The /install/ directory remains accessible after...

9.3 CVSS · 7.8 AI score · 0.0282 EPSS
Exploits 0 · References 6
CNNVD
added 2025/07/23 12:0 a.m. · 4 views

osCommerce Online Merchant Security Vulnerability

osCommerce Online Merchant is an e-commerce platform from osCommerce Open Source. A security vulnerability exists in osCommerce Online Merchant version 2.3.4.1, which stems from an insecure default configuration that could lead to remote code execution...

9.3 CVSS · 7.7 AI score · 0.0282 EPSS
Exploits 0 · References 4
0day.today
added 2019/02/07 12:0 a.m. · 22 views

osCommerce 2.3.4.1 - currency SQL Injection Vulnerability

Exploit for php platform in category web applications. Exploit Title: osCommerce 2.3.4.1 - 'currency' SQL Vulnerabilities; Exploit Author: Mehmet EMIROGLU; Vendor Homepage: https://www.oscommerce.com; Software Link: https://www.oscommerce.com/Products; Version: 2.3.4.1; Category: Webapps; Tested on: Wam...

0.1 AI score
Exploits 0
Krebs on Security
added 2018/11/23 11:24 p.m. · 76 views

How to Shop Online Like a Security Pro

'Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here's a quick refresher course on how to make it through the next few weeks without getting snookered...

6.8 AI score
Exploits 0
Check Point Advisories
added 2015/06/07 12:0 a.m. · 0 views

OsCommerce Cross-Site Request Forgery Administrator Deletion

A Cross-Site Request Forgery vulnerability has been reported in OsCommerce Online Merchant platform. Successful exploitation of this vulnerability would allow remote attackers to delete administrator users from the affected system...

4.5 AI score
Exploits 0
NVD
added 2015/01/13 3:59 p.m. · 18 views

CVE-2014-10033

SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action...

6.5 CVSS · 8.3 AI score · 0.01798 EPSS
Exploits 1 · References 5
CVE
added 2015/01/13 3:0 p.m. · 41 views

CVE-2014-10033

The CVE-2014-10033 entry describes an SQL injection in the update_zone function of osCommerce Online Merchant 2.3.3.4 and earlier. The vulnerability exists in catalog/admin/geo_zones.php, where remote administrators can trigger arbitrary SQL execution via the zID parameter in a list action. The i...

6.5 CVSS · 8.6 AI score · 0.01798 EPSS
Exploits 1 · References 5 · Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m. · 11 views

Oscommerce Online Merchant 2.2 - Remote File Upload

No description provided by source...

7.1 AI score
Exploits 0
Prion
added 2012/09/19 7:55 p.m. · 18 views

Code injection

The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self...

5 CVSS · 7 AI score · 0.0114 EPSS
Exploits 0 · References 2 · Affected Software 2
NVD
added 2012/05/27 7:55 p.m. · 13 views

CVE-2012-1792

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, whi...

2.6 CVSS · 5.6 AI score · 0.00875 EPSS
Exploits 1 · References 1
Prion
added 2012/05/27 7:55 p.m. · 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, whi...

2.6 CVSS · 6.1 AI score · 0.00875 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2012/05/27 7:0 p.m. · 17 views

CVE-2012-1792

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, whi...

5.6 AI score · 0.00875 EPSS
Exploits 1 · References 1
CVE
added 2012/05/27 7:0 p.m. · 49 views

CVE-2012-1792

OSCommerce Online Merchant 3.0.2 has a documented XSS vulnerability in the installer path: DBCheck.php during installation, where the name parameter to oscommerce/index.php is not properly sanitized in an error message, allowing injection of arbitrary script/HTML. The root cause is improper handl...

2.6 CVSS · 5.8 AI score · 0.00875 EPSS
Exploits 1 · References 1 · Affected Software 1
Japan Vulnerability Notes
added 2012/01/20 12:0 a.m. · 21 views

JVN#38216398: osCommerce vulnerable to directory traversal

osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability. Impact: A remote attacker may access arbitrary files on the server. Solution: Update the software. Update to the latest version according to the information provided by the...

5 CVSS · 6.5 AI score · 0.096 EPSS
Exploits 1
0day.today
added 2010/07/06 12:0 a.m. · 24 views

osCommerce Online Merchant v2.2 Release Candidate 2a XSS/HTML Vuln

Exploit for php platform in category web applications. osCommerce Online Merchant v2.2 Release Candidate 2a XSS/HTML Injection...

7.1 AI score
Exploits 0
OpenVAS
added 2010/06/01 12:0 a.m. · 135 views

osCommerce Online Merchant <= 2.2 'file_manager.php' Remote Arbitrary File Upload Vulnerability

Online Merchant module for osCommerce is prone to a remote arbitrary-file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

9.3 CVSS · 7 AI score · 0.01142 EPSS
Exploits 0 · References 3
exploitpack
added 2010/05/30 12:0 a.m. · 19 views

osCommerce Online Merchant 2.2 - Arbitrary File Upload

osCommerce Online Merchant 2.2 - Arbitrary File Upload ... DEFACEMENT...

0.1 AI score
Exploits 0
0day.today
added 2010/05/30 12:0 a.m. · 24 views

Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass

Exploit for php platform in category web applications. Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass. Author: Flyff666; Date: May, 30, 2010; Location:...

7.1 AI score
Exploits 0
Packet Storm
added 2010/05/30 12:0 a.m. · 25 views

OSCommerce Online Merchant 2.2 Bypass / File Disclosure

Oscommerce Online Merchant v2.2 File Disclosure And Admin ByPass. Author: Flyff666; Date: May, 30, 2010; Location: Tangerang, Indonesia; Time Zone: GMT +7:00; Software: OsCommerce Online Merchant v2.2; Tested...

7.4 AI score
Exploits 0