36 matches found
EUVD-2014-8146
Malware in sbrugna...
EUVD-2014-8148
Malware in sbrugna...
EUVD-2014-8147
Malware in sbrugna...
CVE-2014-8307
Multiple cross-site scripting XSS vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter in the "drop down TOP menu with path" section or 2 printthispage variable in the footercontentbloc...
CVE-2014-8305
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to 1 index.php, 2 cart.php, 3 msg.php, or 4 page.php...
CVE-2014-8306
SQL injection vulnerability in the sqlquery function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the itemid variable, as demonstrated by the 1 itemid0 or 2 itemid parameter...
Cart Engine 7.0.0 Build 20180202 Database Disclosure
============================================================================================================================ | Title : Cart Engine Version: 7.0.0 build 20180202 Database Disclosure Vulnerability | | Author : indoushka | | Telegram : @indoushka | | Tested on : Win 10 X64 /FrPro | |...
Cart Engine 3.0 SQL Injection
SQL Injection vulnerabilty in Cart Engine cart.php Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
CVE-2014-8307
Multiple cross-site scripting XSS vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter in the "drop down TOP menu with path" section or 2 printthispage variable in the footercontentbloc...
CVE-2014-8306
SQL injection vulnerability in the sqlquery function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the itemid variable, as demonstrated by the 1 itemid0 or 2 itemid parameter...
CVE-2014-8305
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to 1 index.php, 2 cart.php, 3 msg.php, or 4 page.php...
Sql injection
SQL injection vulnerability in the sqlquery function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the itemid variable, as demonstrated by the 1 itemid0 or 2 itemid parameter...
Open redirect
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to 1 index.php, 2 cart.php, 3 msg.php, or 4 page.php...
CVE-2014-8307
Multiple cross-site scripting XSS vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter in the "drop down TOP menu with path" section or 2 printthispage variable in the footercontentbloc...
CVE-2014-8305
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to 1 index.php, 2 cart.php, 3 msg.php, or 4 page.php...
CVE-2014-8306
CVE-2014-8306 affects C97net Cart Engine prior to 4.0. The vulnerability is a SQL injection in the sql_query function of cart.php exploited through the item_id parameter (item_id[0] or item_id[]), enabling remote command execution. Public references describe the vulnerable input handling but do n...
CVE-2014-8307
The CVE-2014-8307 entry concerns multiple XSS vulnerabilities in C97net Cart Engine (before 4.0), specifically in skins/default/outline.tpl. The underlying issue is that user-supplied data in (1) the path parameter in the drop down TOP menu (with path) and (2) the print_this_page variable in the ...
CVE-2014-8305
The CVE-2014-8305 entry concerns C97net Cart Engine prior to version 4.0, where the open redirect vulnerability exists in the redir function (includes/function.php). An attacker can cause a user to be redirected to arbitrary sites by supplying a URL in the HTTP Referer header to one of four pages...
Cart Engine 3.0 - Multiple Vulnerabilities
No description provided by source. === Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTT...
Cart Engine Multiple Vulnerabilities
Cart Engine is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...