16 matches found
Cetera eCommerce 15.0 SQL Injection / Disclosure
Hello list! I want to warn you about SQL Injection, Full path disclosure, Abuse of Functionality and Insufficient Anti-automation vulnerabilities in Cetera eCommerce. It's an engine for online shops. ------------------------- Affected products: ------------------------- Vulnerable are Cetera eCommer...
XSS, SQL Injection and SQL DB Structure Extraction vulnerabilities in Cetera eCommerce
Hello 3APA3A! I am informing you of new Cross-Site Scripting, SQL Injection and SQL DB Structure Extraction vulnerabilities that I have found in Cetera eCommerce. XSS WASC-08, also working in version 15.0: http://site/catalog/3Cscript3Ealertdocument.cookie3C/script3E/...
Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/47044/info Cetera eCommerce is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication...
Cetera eCommerce - Multiple Cross-Site Scripting SQL Injections
Cetera eCommerce - Multiple Cross-Site Scripting SQL Injections source: https://www.securityfocus.com/bid/47044/info Cetera eCommerce is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues...
Cetera eCommerce 14.0 Cross Site Scripting / SQL Injection
Hello list! I want to warn you about Cross-Site Scripting, SQL Injection and SQL DB Structure Extraction vulnerabilities in Cetera eCommerce. It's an engine for online shops. ------------------------- Affected products: ------------------------- Vulnerable are Cetera eCommerce 14.0 and previous...
Cetera eCommerce 14.0 SQL Injection / Cross Site Scripting
Hello Full-Disclosure! I want to warn you about new security vulnerabilities in Cetera eCommerce. It's an engine for online shops. ------------------------- Affected products: ------------------------- Vulnerable are Cetera eCommerce 14.0 and previous versions. ---------- Details: ---------- XSS...
New vulnerabilities in Cetera eCommerce
Hello 3APA3A! I am informing you of new Cross-Site Scripting and SQL DB Structure Extraction vulnerabilities that I have found in Cetera eCommerce. XSS WASC-08: http://site/cms/templates/banner.php?bannerId=3Cscript3Ealertdocument.cookie3C/script3E SQL DB Structure Extraction WASC-13:...
Cetera eCommerce - 'banner.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/45374/info Cetera eCommerce is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Cetera eCommerce - banner.php Cross-Site Scripting
Cetera eCommerce - banner.php Cross-Site Scripting source: https://www.securityfocus.com/bid/45374/info Cetera eCommerce is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code...
Cetera eCommerce - Multiple SQL Injections
Cetera eCommerce - Multiple SQL Injections source: https://www.securityfocus.com/bid/42058/info Cetera eCommerce is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues can allow an...
Cetera eCommerce - Multiple Cross-Site Scripting HTML Injection Vulnerabilities
Cetera eCommerce - Multiple Cross-Site Scripting HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/42059/info Cetera eCommerce is prone to multiple cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using...
Cetera eCommerce - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/42059/info Cetera eCommerce is prone to multiple cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code wou...
Cetera eCommerce - Multiple SQL Injections
source: https://www.securityfocus.com/bid/42058/info Cetera eCommerce is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues can allow an attacker to compromise the application, acces...
New vulnerabilities in Cetera eCommerce
Hello 3APA3A! I am informing you of Cross-Site Scripting, SQL Injection and SQL DB Structure Extraction vulnerabilities that I have found in Cetera eCommerce. XSS: http://site/cms/templates/search.php?q=111&sobject=223E3Cscript3Ealertdocument.cookie3C/script3E...
Cetera eCommerce 14.0 Cross Site Scripting / SQL Injection
============================================================= I want to warn you about security vulnerabilities in Cetera eCommerce, which I already disclosed in December 2009 (SecurityVulns ID: 10489). ----------------------------- Advisory: Vulnerabilities in Cetera eCommerce...
Vulnerabilities in Cetera CMS
Hello 3APA3A! I am informing you of Insufficient Anti-automation and Cross-Site Scripting vulnerabilities that I have found in Cetera eCommerce. Insufficient Anti-automation: http://site/ http://site/account/ These pages have no protection against automated requests (captcha). XSS:...