21 matches found
EUVD-2013-0161
Malware in sbrugna...
EUVD-2005-1791
Malware in sbrugna...
EUVD-2017-11326
Malware in sbrugna...
EUVD-2016-5842
Malware in sbrugna...
EUVD-2012-5688
Malware in sbrugna...
EUVD-2025-23288
Malicious code in bioql PyPI...
CVE-2021-3291
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...
CVE-1999-0606
An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information...
GHSA-38F9-4VHQ-9CR8 Zen Cart vulnerable to authenticated remote code execution
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...
Cross-site Request Forgery (CSRF)
Overview solidus_frontend is a cart and storefront for the Solidus e-commerce project. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF): because the add-to-cart request is authenticated by the session cookie alone, an attacker can have the victim's browser add an item to the victim's cart without authorization. Remediation Upgrade...
X-Cart 5.0.10 < 5.2.18 Open Redirect
According to the self-reported version in its response header, the version of X-Cart hosted on the remote web server is 5.0.10 < 5.2.18. It is, therefore, affected by a vulnerability in the redirect functionality. Note that the scanner has not tested for these issues but has instead relied only on...
CVE-2018-16157
The CVE-2018-16157 entry describes a logic flaw in waimai Super Cms 20150505: the price is carried in the form and can be modified before submission, which is easy to see by observing the request in a packet capture. By setting the item_totals parameter of index.php?m=cart&a=save to zero, the entire cart can be bought for free. The available...
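The entry above is the textbook client-side price tampering flaw: the server charges whatever item_totals the form says. The following is an added illustration, not code from waimai Super Cms or any other project on this page, contrasting a handler that trusts item_totals with one that recomputes the total from a server-side price list. The catalog, item names, quantity limit and form layout are all constructed for the example.

```python
from decimal import Decimal

# Constructed server-side price list standing in for the shop's catalog.
# Prices must come from here, never from the submitted form.
CATALOG = {
    "noodles-01": Decimal("12.50"),
    "tea-07": Decimal("3.00"),
}


def vulnerable_cart_save(form):
    """Mirrors the described flaw: the client-supplied item_totals value is
    used as the amount to charge, so a request edited before submission
    can set it to 0 and the whole cart is sold for free."""
    return Decimal(form.get("item_totals", "0"))


def hardened_cart_save(form):
    """Recompute the total from catalog prices and submitted quantities.

    Returns (total, tampered). item_totals is only compared against the
    recomputed value so tampering can be logged; it never influences the
    amount charged."""
    total = Decimal("0")
    for item_id, qty in form.get("items", {}).items():
        if item_id not in CATALOG:
            raise ValueError(f"unknown item {item_id!r}")
        qty = int(qty)
        if not 1 <= qty <= 100:  # constructed sanity bound on quantities
            raise ValueError(f"quantity out of range for {item_id!r}: {qty}")
        total += CATALOG[item_id] * qty
    submitted = form.get("item_totals")
    tampered = submitted is not None and Decimal(submitted) != total
    return total, tampered


if __name__ == "__main__":
    # Constructed request body: two bowls of noodles, one tea, and an
    # item_totals the attacker rewrote to zero before submitting the form.
    tampered_form = {"items": {"noodles-01": "2", "tea-07": "1"}, "item_totals": "0"}
    print("vulnerable handler charges:", vulnerable_cart_save(tampered_form))
    total, tampered = hardened_cart_save(tampered_form)
    print("hardened handler charges:", total, "tampered:", tampered)
```

The design point is that a total submitted by the client is at best a hint for mismatch logging; the only number that may be charged is the one derived from data the client cannot edit.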
RCE in Zen Cart via Arbitrary File Inclusion
High-Tech Bridge Security Research Lab discovered a critical vulnerability in the popular e-commerce software Zen Cart, which can be exploited by remote non-authenticated attackers to compromise the vulnerable system. A remote unauthenticated attacker might be able to execute arbitrary PHP code on the...
e-cart 3.0 - Multiple Vulnerabilities
No description provided by source...
CVE-2009-2254
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the querystring parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL...
CVE-2009-2255
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/recordcompany.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the recordcompanyimage parameter in conjunction with a PATH_INFO of password_forgotten.php, then...
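CVE-2009-2254 and CVE-2009-2255 share one root cause: the admin login gate exempts the password-reset page by looking for its filename somewhere in the request, and PATH_INFO lets an attacker put that filename after any other admin script. The following is an added illustration of that bypass and its fix, written for this page and not taken from Zen Cart; the exact condition Zen Cart used, the exempt filename password_forgotten.php and the request paths are assumptions for the example.

```python
import posixpath

# Admin scripts reachable without a login. Constructed for the example;
# only the password-reset page is exempt here.
ADMIN_PUBLIC_SCRIPTS = {"password_forgotten.php"}


def split_script_and_pathinfo(request_path):
    """Split a request path the way a PHP front end does: everything up to and
    including the first '.php' segment is the executed script (SCRIPT_NAME),
    anything after it is PATH_INFO. PHP_SELF is the concatenation of both."""
    parts = request_path.split("/")
    for i, part in enumerate(parts):
        if part.endswith(".php"):
            script = "/".join(parts[: i + 1])
            pathinfo = "/" + "/".join(parts[i + 1:]) if i + 1 < len(parts) else ""
            return script, pathinfo
    return request_path, ""


def vulnerable_requires_login(request_path):
    """The bypassable gate: a substring test on the whole PHP_SELF string.
    Appending the exempt filename as PATH_INFO to any admin script makes this
    return False while the server still executes that admin script."""
    php_self = request_path
    return not any(name in php_self for name in ADMIN_PUBLIC_SCRIPTS)


def hardened_requires_login(request_path):
    """Decide from the script that will actually run, never from PATH_INFO,
    and exempt only an exact basename match."""
    script, _pathinfo = split_script_and_pathinfo(request_path)
    return posixpath.basename(script) not in ADMIN_PUBLIC_SCRIPTS


if __name__ == "__main__":
    # Constructed request: the attacker asks for sqlpatch.php but tacks the
    # exempt filename on as PATH_INFO.
    attack = "/admin/sqlpatch.php/password_forgotten.php"
    print("executed script:", split_script_and_pathinfo(attack)[0])
    print("vulnerable gate demands login:", vulnerable_requires_login(attack))
    print("hardened gate demands login:", hardened_requires_login(attack))
```

The practical check when reviewing an authentication gate is whether it keys off the script that will execute or off a string the client controls; PHP_SELF, REQUEST_URI and PATH_INFO all fall into the second group.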
Qualiteam X-Cart 4.0.8 - 'product.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remote attackers to pass malicious inpu...
Qualiteam X-Cart 3.x - upgrade.php?perl_binary Arbitrary Command Execution
source: https://www.securityfocus.com/bid/9560/info X-Cart has been reported to be prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of...
xcart343.txt
X-Cart (http://www.x-cart.com) is a well-distributed PHP e-commerce solution. We have discovered some security-related bugs in X-Cart version 3.4.3. It is possible that other versions are vulnerable too. Any visitor can view any file on the web server. This URL may be used as proof of concept:...
Alan Ward A-Cart 2.0 - MSG Cross-Site Scripting
source: https://www.securityfocus.com/bid/8722/info A-Cart has been reported prone to a cross-site scripting vulnerability. The issue presents itself likely due to a lack of sufficient sanitization performed on data contained in the 'msg' URI...