43 matches found
Design/Logic Flaw
protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...
CVE-2018-8761
protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...
CVE-2018-8761
protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...
CVE-2018-8761
CVE-2018-8761 : In Yxcms building system (compatible cell phone) v1.4.7, a logic flaw in the file protected\apps\member\controller\shopcarController.php allows an attacker to modify a price before form submission by observing data in a packet capture. The vulnerability is described in multiple so...
PHPOK企业建站系统(支付漏洞1元任意买);
简要描述: PHPOK企业建站系统PHPOK4.4.010支付漏洞1元任意买最新版 详细说明: 1.来到产品展示随便选入一件商品进购物车下订单 2.来到之类点确认支付抓包修改金额 3.改成1元然会出现链接点开就好了 只要1元就可以 漏洞证明: 1.来到产品展示随便选入一件商品进购物车下订单 img src="https://images.seebug.org/upload/201511/0919554096547d3a4eb6da54be5276c7ad0c1967.jpg" a...
CVE-2002-2302
ShopFactory 5.5–5.8 (3D3.Com) is affected by CVE-2002-2302: remote attackers can modify prices in shopping carts by altering the price value in a hidden form field. The vulnerability arises from client-side price manipulation in the cart, enabling potential price integrity issues. The available s...
CVE-2002-2302
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field...
Dragonfly Shopping Cart Multiple vulnerabilities
Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc or even code them. Learn more at http://www.dbtech.org Severity: High Title: Dragonfly Shopping Cart Multiple vulnerabilities Date:...
CVE-2004-0682
comersusgatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL...
Comersus Cart Improper Request Handling
Comersus Cart Improper Request Handling Release Date: July 6, 2004 Severity: Medium Vendor: Comersus Open Technologies Software: Tested on Comersus Cart 5.09 Previous versions may also be affected. Remote: Remotely executed from any web browser Technical Details: The unethical user is able to...
CVE-2002-1352
Per Magne Knutsen's CartMan shopping cart cartman.php 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter...
CVE-2000-0926
The CVE-2000-0926 entry concerns SmartWin CyberOffice Shopping Cart 2 (CyberShop). Vulnerability: remote attackers can modify price information by altering the hidden Price form variable. Affected component: the shopping cart/web interface that processes the Price field. Impact: data integrity co...
CVE-2000-1001
add2basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable...
CVE-2000-0926
SmartWin CyberOffice Shopping Cart 2 aka CyberShop allows remote attackers to modify price information by changing the "Price" hidden form variable...
CVE-2000-0926
SmartWin CyberOffice Shopping Cart 2 aka CyberShop allows remote attackers to modify price information by changing the "Price" hidden form variable...
Очередные дырки в различных Shopping Cart
Обратный путь в директориях позволяет обращаться к системным файлам. В отдельных случаях возможна модификация прайса...
CVE-2000-1001
add2basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable...
Price modification in Element InstantShop
===================================================================== Securax-SA-07 Security Advisory belgian.networking.security Dutch ===================================================================== Topic: Price modification in Element InstantShop Announced: 2000-10-23 Updated: 2000-10-23...
DST2K0036: Price modification possible in CyberOffice Shopping Ca rt
All, We have released this with the permission of the vendor. Rgds Ollie ----- Ollie Whitehouse Security Team Leader tel: +44 020 79160200 ============================================================================ Delphis Consulting Plc...
DST2K0036: Price modification possible in CyberOffice Shopping Ca rt
All, We have released this with the permission of the vendor. Rgds Ollie ----- Ollie Whitehouse Security Team Leader tel: +44 020 79160200 ============================================================================ Delphis Consulting Plc...