Lucene search
+L

132 matches found

Exploit DB
Exploit DB
added 2007/06/20 12:0 a.m.50 views

Comersus Cart 7.0.7 - 'comersus_message.asp' redirectUrl Cross-Site Scripting

source: https://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. The attacker may...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/06/20 12:0 a.m.120 views

Comersus Cart 7.0.7 - 'comersus_customerAuthenticateForm.asp' redirectUrl Cross-Site Scripting

source: https://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. The attacker may...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2006/08/27 12:0 a.m.37 views

comersusDB.txt

ComerSus ASP Shopping Cart Vendor : Www.Compersus.Com Credits : MFox HomePage : Www.HackerZ.ir Remote DataBase Getting ! Proof of Concept : Http://Target/Path/database/comersus.mdb...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/08/11 12:0 a.m.65 views

Comersus ASP shopping cart <= DataBase Downloading vuln

ComerSus ASP Shopping Cart Vendor : Www.Compersus.Com Credits : MFox HomePage : Www.HackerZ.ir Remote DataBase Getting ! Proof of Concept : Http://Target/Path/database/comersus.mdb...

1.6AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.36 views

Comersus Cart Cross-Site Scripting Vulnerability

The malicious user is able to compromise the parameters to invoke a Cross-Site Scripting attack. This can be used to take advantage of the trust between a client and server allowing the malicious user to execute malicious JavaScript on the client's machine or perform a denial of service shutting...

7.5CVSS6.5AI score0.06851EPSS
Exploits2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.38 views

Comersus BackOffice Lite Administrative Bypass

Comersus ASP shopping cart is a set of ASP scripts creating an online shoppingcart. It works on a database of your own choosing, default is msaccess, and includes online administration tools. SPDX-FileCopyrightText: 2005 Noam Rathaus Some text descriptions might be excerpted from a referenced...

7.5CVSS6.8AI score0.01635EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/11/02 12:0 a.m.51 views

Comersus BackOffice comersus_backoffice_menu.asp Multiple Parameter SQL Injection

The remote host appears to be running Comersus Cart, an ASP shopping cart application. The version of Comersus Cart installed on the remote host fails to sanitize input to the 'adminName' and 'adminpassword' fields of the 'backofficeLite/comersusbackofficemenu.asp' script before using them in a...

5.7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/11/02 12:0 a.m.2050 views

Comersus Cart /comersus/database/comersus.mdb Direct Request Datbase Disclosure

The remote host appears to be running Comersus Cart, an ASP shopping cart application. The version of Comersus Cart installed on the remote host fails to restrict access to its customer database, which contains order information, passwords, credit card numbers, etc. Further, the data in all...

5.6AI score
Exploits0References1
NVD
NVD
added 2005/11/01 12:47 p.m.13 views

CVE-2005-3397

Cross-site scripting XSS vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersusbackofficesupportError.asp. NOTE: the comersusbackofficemessage.asp/message vector is already covered by CVE-2005-2191 item 2...

4.3CVSS5.6AI score0.01394EPSS
Exploits1References1
Cvelist
Cvelist
added 2005/11/01 11:0 a.m.22 views

CVE-2005-3397

Cross-site scripting XSS vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersusbackofficesupportError.asp. NOTE: the comersusbackofficemessage.asp/message vector is already covered by CVE-2005-2191 item 2...

5.6AI score0.01394EPSS
Exploits1References1
CVE
CVE
added 2005/11/01 11:0 a.m.51 views

CVE-2005-3397

CVE-2005-3397 describes a cross-site scripting (XSS) vulnerability in the Comersus BackOffice. The issue is exploitable via the error parameter to the script comersus_backoffice_supportError.asp , allowing remote attackers to inject arbitrary web script or HTML. The description notes that the rel...

4.3CVSS5.7AI score0.01394EPSS
Exploits1References1Affected Software2
exploitpack
exploitpack
added 2005/10/31 12:0 a.m.19 views

Comersus Backoffice 4.x5.06.0 - comersus_Backoffice_supportError.asp?error Cross-Site Scripting

Comersus Backoffice 4.x5.06.0 - comersusBackofficesupportError.asp?error Cross-Site Scripting source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are pro...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2005/10/31 12:0 a.m.37 views

Comersus Backoffice 4.x/5.0/6.0 - 'comersus_Backoffice_supportError.asp?error' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are prone to SQL injection attacks, information disclosure and multiple cross-site scripting attacks...

7.4AI score
Exploits0
NVD
NVD
added 2005/10/23 10:2 a.m.17 views

CVE-2005-3285

Cross-site scripting XSS vulnerability in comersusbackofficesearchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the 1 forwardTo1, 2 forwardTo2, 3 nameFT1, or 4 nameFT2 parameters...

4.3CVSS5.7AI score0.01861EPSS
Exploits1References5
Cvelist
Cvelist
added 2005/10/23 4:0 a.m.24 views

CVE-2005-3285

Cross-site scripting XSS vulnerability in comersusbackofficesearchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the 1 forwardTo1, 2 forwardTo2, 3 nameFT1, or 4 nameFT2 parameters...

5.7AI score0.01861EPSS
Exploits1References5
CVE
CVE
added 2005/10/23 4:0 a.m.52 views

CVE-2005-3285

CVE-2005-3285 describes a Cross-site scripting (XSS) vulnerability in Comersus BackOffice Plus, specifically in comersus_backoffice_searchItemForm.asp. The issue allows remote attackers to inject arbitrary web script or HTML via the parameters forwardTo1, forwardTo2, nameFT1, or nameFT2. The vuln...

4.3CVSS6AI score0.01861EPSS
Exploits1References5Affected Software1
securityvulns
securityvulns
added 2005/10/20 12:0 a.m.35 views

[SA17219] Comersus Power Pack Premium Cross-Site Scripting Vulnerabilities

TITLE: Comersus Power Pack Premium Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA17219 VERIFY ADVISORY: http://secunia.com/advisories/17219/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Comersus Power Pack Premium http://secunia.com/product/5887/...

2.1AI score
Exploits0
exploitpack
exploitpack
added 2005/10/17 12:0 a.m.12 views

Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities

Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...

7AI score
Exploits0
NVD
NVD
added 2005/07/11 4:0 a.m.18 views

CVE-2005-2190

Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the 1 email parameter to comersusoptAffiliateRegistrationExec.asp or 2 idProduct parameter to comersusoptReviewReadExec.asp...

7.5CVSS8.4AI score0.01141EPSS
Exploits0References2
NVD
NVD
added 2005/07/11 4:0 a.m.16 views

CVE-2005-2191

Multiple cross-site scripting XSS vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the 1 name parameter to comersusbackofficelistAssignedPricesToCustomer.asp or 2 message parameter to comersusbackofficemessage.asp...

4.3CVSS5.7AI score0.01208EPSS
Exploits0References4
Rows per page
Query Builder