11 matches found
EUVD-2013-5807
Malware in sbrugna...
EUVD-2013-5808
Malware in sbrugna...
EUVD-2014-9263
Malware in sbrugna...
EUVD-2014-9281
Malware in sbrugna...
CVE-2014-9442
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php...
CVE-2014-9461
CVE-2014-9461 affects the WordPress plugin Cart66 Lite (models/Cart66.php). The vulnerability is a directory traversal in the member_download action via “..” exposed to wp-admin/admin-ajax.php, allowing authenticated remote users to read arbitrary files. Affected version: Cart66 Lite prior to 1.5...
Sql injection
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php...
CVE-2014-9442
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php...
Sql injection
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcodeproductstable action to wp-admin/admin-ajax.php...
CVE-2013-5977
Cross-site request forgery CSRF vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that 1 create or modify products or conduct cross-site scripting XSS attacks via the 2...
CVE-2013-5977
Cross-site request forgery CSRF vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that 1 create or modify products or conduct cross-site scripting XSS attacks via the 2...