61 matches found
EUVD-2014-8146
Malware in sbrugna...
EUVD-2014-8148
Malware in sbrugna...
EUVD-2014-8147
Malware in sbrugna...
CVE-2014-8307
Multiple cross-site scripting XSS vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter in the "drop down TOP menu with path" section or 2 printthispage variable in the footercontentbloc...
CVE-2014-8305
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to 1 index.php, 2 cart.php, 3 msg.php, or 4 page.php...
CVE-2014-8306
SQL injection vulnerability in the sqlquery function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the itemid variable, as demonstrated by the 1 itemid0 or 2 itemid parameter...
CVE-2014-8307
Multiple cross-site scripting XSS vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter in the "drop down TOP menu with path" section or 2 printthispage variable in the footercontentbloc...
CVE-2014-8306
SQL injection vulnerability in the sqlquery function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the itemid variable, as demonstrated by the 1 itemid0 or 2 itemid parameter...
CVE-2014-8305
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to 1 index.php, 2 cart.php, 3 msg.php, or 4 page.php...
Sql injection
SQL injection vulnerability in the sqlquery function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the itemid variable, as demonstrated by the 1 itemid0 or 2 itemid parameter...
Open redirect
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to 1 index.php, 2 cart.php, 3 msg.php, or 4 page.php...
CVE-2014-8307
Multiple cross-site scripting XSS vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter in the "drop down TOP menu with path" section or 2 printthispage variable in the footercontentbloc...
CVE-2014-8305
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to 1 index.php, 2 cart.php, 3 msg.php, or 4 page.php...
CVE-2014-8306
CVE-2014-8306 affects C97net Cart Engine prior to 4.0. The vulnerability is a SQL injection in the sql_query function of cart.php exploited through the item_id parameter (item_id[0] or item_id[]), enabling remote command execution. Public references describe the vulnerable input handling but do n...
CVE-2014-8307
The CVE-2014-8307 entry concerns multiple XSS vulnerabilities in C97net Cart Engine (before 4.0), specifically in skins/default/outline.tpl. The underlying issue is that user-supplied data in (1) the path parameter in the drop down TOP menu (with path) and (2) the print_this_page variable in the ...
CVE-2014-8305
The CVE-2014-8305 entry concerns C97net Cart Engine prior to version 4.0, where the open redirect vulnerability exists in the redir function (includes/function.php). An attacker can cause a user to be redirected to arbitrary sites by supplying a URL in the HTTP Referer header to one of four pages...
Cart Engine 3.0.0 Remote Code Execution
No description provided by source. ? Cart Engine 3.0.0 Remote Code Execution Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP & MySQL...
Kemana Directory 1.5.6 Database Backup Disclosure Exploit
No description provided by source. ?php / Kemana Directory 1.5.6 Database Backup Disclosure Exploit Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution with Kemana. Create your own Yahoo or Dmoz easily with Kemana...
Cart Engine 3.0.0 (task.php) Local File Inclusion Vulnerability
No description provided by source. ? Cart Engine 3.0.0 task.php Local File Inclusion Vulnerability Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart...
Kemana Directory 1.5.6 - kemana_admin_passwd Cookie User Password Hash Disclosure
No description provided by source. ? Kemana Directory 1.5.6 kemanaadminpasswd Cookie User Password Hash Disclosure Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution with Kemana. Create your own Yahoo or Dmoz easi...