Lucene search
+L

43 matches found

Prion
Prion
added 2018/03/19 2:29 p.m.19 views

Design/Logic Flaw

protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...

5CVSS7.4AI score0.0089EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/03/19 2:29 p.m.20 views

CVE-2018-8761

protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...

7.5CVSS7.4AI score0.0089EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/19 2:0 p.m.21 views

CVE-2018-8761

protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...

7.5AI score0.0089EPSS
Exploits0References1
CVE
CVE
added 2018/03/19 2:0 p.m.47 views

CVE-2018-8761

CVE-2018-8761 : In Yxcms building system (compatible cell phone) v1.4.7, a logic flaw in the file protected\apps\member\controller\shopcarController.php allows an attacker to modify a price before form submission by observing data in a packet capture. The vulnerability is described in multiple so...

7.5CVSS7.4AI score0.0089EPSS
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2015/11/26 12:0 a.m.27 views

PHPOK企业建站系统(支付漏洞1元任意买);

简要描述: PHPOK企业建站系统PHPOK4.4.010支付漏洞1元任意买最新版 详细说明: 1.来到产品展示随便选入一件商品进购物车下订单 2.来到之类点确认支付抓包修改金额 3.改成1元然会出现链接点开就好了 只要1元就可以 漏洞证明: 1.来到产品展示随便选入一件商品进购物车下订单 img src="https://images.seebug.org/upload/201511/0919554096547d3a4eb6da54be5276c7ad0c1967.jpg" a...

7.1AI score
Exploits0
CVE
CVE
added 2007/10/18 10:0 a.m.55 views

CVE-2002-2302

ShopFactory 5.5–5.8 (3D3.Com) is affected by CVE-2002-2302: remote attackers can modify prices in shopping carts by altering the price value in a hidden form field. The vulnerability arises from client-side price manipulation in the cart, enabling potential price integrity issues. The available s...

6.4CVSS7AI score0.01222EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2007/10/18 10:0 a.m.26 views

CVE-2002-2302

3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field...

6.6AI score0.01222EPSS
Exploits0References5
securityvulns
securityvulns
added 2005/07/13 12:0 a.m.30 views

Dragonfly Shopping Cart Multiple vulnerabilities

Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc or even code them. Learn more at http://www.dbtech.org Severity: High Title: Dragonfly Shopping Cart Multiple vulnerabilities Date:...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2004/07/13 4:0 a.m.24 views

CVE-2004-0682

comersusgatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL...

6.7AI score0.06851EPSS
Exploits1References3
securityvulns
securityvulns
added 2004/07/08 12:0 a.m.158 views

Comersus Cart Improper Request Handling

Comersus Cart Improper Request Handling Release Date: July 6, 2004 Severity: Medium Vendor: Comersus Open Technologies Software: Tested on Comersus Cart 5.09 Previous versions may also be affected. Remote: Remotely executed from any web browser Technical Details: The unethical user is able to...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2003/09/12 4:0 a.m.19 views

CVE-2002-1352

Per Magne Knutsen's CartMan shopping cart cartman.php 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter...

6.7AI score0.01101EPSS
Exploits1References2
CVE
CVE
added 2001/01/22 5:0 a.m.49 views

CVE-2000-0926

The CVE-2000-0926 entry concerns SmartWin CyberOffice Shopping Cart 2 (CyberShop). Vulnerability: remote attackers can modify price information by altering the hidden Price form variable. Affected component: the shopping cart/web interface that processes the Price field. Impact: data integrity co...

7.5CVSS6.8AI score0.07011EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.15 views

CVE-2000-1001

add2basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable...

6.4AI score0.01612EPSS
Exploits0References3
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.26 views

CVE-2000-0926

SmartWin CyberOffice Shopping Cart 2 aka CyberShop allows remote attackers to modify price information by changing the "Price" hidden form variable...

6.4AI score0.07011EPSS
Exploits1References4
NVD
NVD
added 2000/12/19 5:0 a.m.12 views

CVE-2000-0926

SmartWin CyberOffice Shopping Cart 2 aka CyberShop allows remote attackers to modify price information by changing the "Price" hidden form variable...

7.5CVSS6.4AI score0.07011EPSS
Exploits1References4
securityvulns
securityvulns
added 2000/12/14 12:0 a.m.26 views

Очередные дырки в различных Shopping Cart

Обратный путь в директориях позволяет обращаться к системным файлам. В отдельных случаях возможна модификация прайса...

0.5AI score
Exploits0References8Affected Software7
NVD
NVD
added 2000/12/11 5:0 a.m.11 views

CVE-2000-1001

add2basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable...

7.5CVSS6.4AI score0.01612EPSS
Exploits0References3
securityvulns
securityvulns
added 2000/10/24 12:0 a.m.32 views

Price modification in Element InstantShop

===================================================================== Securax-SA-07 Security Advisory belgian.networking.security Dutch ===================================================================== Topic: Price modification in Element InstantShop Announced: 2000-10-23 Updated: 2000-10-23...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2000/10/10 12:0 a.m.42 views

DST2K0036: Price modification possible in CyberOffice Shopping Ca rt

All, We have released this with the permission of the vendor. Rgds Ollie ----- Ollie Whitehouse Security Team Leader tel: +44 020 79160200 ============================================================================ Delphis Consulting Plc...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2000/10/06 12:0 a.m.25 views

DST2K0036: Price modification possible in CyberOffice Shopping Ca rt

All, We have released this with the permission of the vendor. Rgds Ollie ----- Ollie Whitehouse Security Team Leader tel: +44 020 79160200 ============================================================================ Delphis Consulting Plc...

6.9AI score
Exploits0
Rows per page
Query Builder