33 matches found
EUVD-2007-3073
Malware in sbrugna...
EUVD-2005-2139
Malware in sbrugna...
EUVD-2005-2544
Malware in sbrugna...
EUVD-2005-2545
Malware in sbrugna...
CVE-2005-2138
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message...
Comdev eCommerce 3.0 INDEX.PHP Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/12382/info Comdev eCommerce is reported prone to multiple cross-site scripting vulnerabilities. These may facilitate theft of cookie-based authentication credentials as well as other attacks. Comdev eCommerce 3.0 is...
Comdev eCommerce 3.0 WCE.Download.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14479/info Comdev eCommerce is prone to a directory traversal vulnerability. A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../' relative to t...
Comdev ECommerce 3.0 Config.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14478/info Comdev eCommerce is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
comdevecom-rfi.txt
Comdev eCommerce 4.1 RFI Vulnerability Information:- Scripts: Comdev eCommerce Download: http://www.comdevweb.com/downloadfile.php?product=ECOMM41&url=http://share.comdevweb.com/download/ecommerce-4.1.zip Version : 4.1 Exploit :...
CVE-2007-3081
CVE-2007-3081 is a documented PHP remote file inclusion in Comdev eCommerce 4.1, affecting the file sampleecommerce.php via a URL in the path[docroot] parameter, allowing remote arbitrary PHP code execution. This is supported by multiple feeds (NVD, CVE lists, PRION, CVELIST) and has a CVSSv2 ba...
CVE-2007-3081
PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter...
Comdev eCommerce 4.1 RFI Vulnerability
Comdev eCommerce 4.1 RFI Vulnerability Information:- Scripts: Comdev eCommerce Download: http://www.comdevweb.com/downloadfile.php?product=ECOMM41&url=http://share.comdevweb.com/download/ecommerce-4.1.zip Version : 4.1 Exploit :...
CVE-2006-5101
CVE-2006-5101 is a PHP remote file inclusion vulnerability in Comdev CSV Importer 3.1 (and possibly 4.1) used across multiple Comdev components (Contact Form, Helpdesk, Events Calendar, FAQ/Support, Guestbook, Links Directory, News Publisher, Newsletter, Photo Gallery, Vote Caster, Web Blogger, e...
Comdev eCommerce 3.1 :) <= Remote File Inclusion
+-------------------------------------------------------------------- + + Comdev eCommerce 3.1 :) <= Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: Comdev eCommerce 3.1 + Vendor ...........: http://www.comdevweb.com + Class...
CVE-2005-2543
The CVE-2005-2543 entry describes a directory traversal vulnerability in Comdev eCommerce 3.0, specifically in wce.download.php, where the download parameter can be abused with a .. (dot dot) to download arbitrary files. Affected product/component: Comdev eCommerce 3.0 / wce.download.php. Root ca...
CVE-2005-2543
Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter...
CVE-2005-2544
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter...
CVE-2005-2544
The CVE-2005-2544 entry concerns Comdev eCommerce 3.0, where a PHP remote file inclusion flaw in config.php allows an attacker to execute arbitrary PHP code via path[docroot]. This is evidenced by multiple sources (NVD/CVE records and a Nessus plugin) describing remote code execution possibilitie...
Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)
The remote host is running eCommerce, a web-based shopping system from Comdev. The installed version of eCommerce allows remote attackers to control the 'path[docroot]' parameter used when including PHP code in the 'config.php' script. By leveraging this flaw, an attacker may be able to view...
comdevTraversal.txt
Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The wce.download.php script present in two locations can be passed a "download" http request parameter to download an arbitrary file on the vulnerable server. Example:...