def-2001-25: Carello E-Commerce Arbitrary Command Execution

====================================================================== Defcom Labs Advisory def-2001-25 Carello E-Commerce Arbitrary Command Execution Author: Peter Grьndl [email protected] Release Date: 2001-05-14 ======================================================================...

Pacific Software Carello 1.2.1 - File Duplication / Source Disclosure

source: https://www.securityfocus.com/bid/1245/info A remote user can gain read and write access on a target machine running Carello shopping cart software. First, a user may create a duplicate of a known file in a known directory on the target host through add.exe in /scripts/Carello. Accessing...