132 matches found
Comersus Cart 7.0.7 - 'comersus_message.asp' redirectUrl Cross-Site Scripting
source: https://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. The attacker may...
Comersus Cart 7.0.7 - 'comersus_customerAuthenticateForm.asp' redirectUrl Cross-Site Scripting
source: https://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. The attacker may...
comersusDB.txt
ComerSus ASP Shopping Cart Vendor : Www.Compersus.Com Credits : MFox HomePage : Www.HackerZ.ir Remote DataBase Getting ! Proof of Concept : Http://Target/Path/database/comersus.mdb...
Comersus ASP shopping cart <= DataBase Downloading vuln
ComerSus ASP Shopping Cart Vendor : Www.Compersus.Com Credits : MFox HomePage : Www.HackerZ.ir Remote DataBase Getting ! Proof of Concept : Http://Target/Path/database/comersus.mdb...
Comersus Cart Cross-Site Scripting Vulnerability
The malicious user is able to compromise the parameters to invoke a Cross-Site Scripting attack. This can be used to take advantage of the trust between a client and server allowing the malicious user to execute malicious JavaScript on the client's machine or perform a denial of service shutting...
Comersus BackOffice Lite Administrative Bypass
Comersus ASP shopping cart is a set of ASP scripts creating an online shoppingcart. It works on a database of your own choosing, default is msaccess, and includes online administration tools. SPDX-FileCopyrightText: 2005 Noam Rathaus Some text descriptions might be excerpted from a referenced...
Comersus BackOffice comersus_backoffice_menu.asp Multiple Parameter SQL Injection
The remote host appears to be running Comersus Cart, an ASP shopping cart application. The version of Comersus Cart installed on the remote host fails to sanitize input to the 'adminName' and 'adminpassword' fields of the 'backofficeLite/comersusbackofficemenu.asp' script before using them in a...
Comersus Cart /comersus/database/comersus.mdb Direct Request Datbase Disclosure
The remote host appears to be running Comersus Cart, an ASP shopping cart application. The version of Comersus Cart installed on the remote host fails to restrict access to its customer database, which contains order information, passwords, credit card numbers, etc. Further, the data in all...
CVE-2005-3397
Cross-site scripting XSS vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersusbackofficesupportError.asp. NOTE: the comersusbackofficemessage.asp/message vector is already covered by CVE-2005-2191 item 2...
CVE-2005-3397
Cross-site scripting XSS vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersusbackofficesupportError.asp. NOTE: the comersusbackofficemessage.asp/message vector is already covered by CVE-2005-2191 item 2...
CVE-2005-3397
CVE-2005-3397 describes a cross-site scripting (XSS) vulnerability in the Comersus BackOffice. The issue is exploitable via the error parameter to the script comersus_backoffice_supportError.asp , allowing remote attackers to inject arbitrary web script or HTML. The description notes that the rel...
Comersus Backoffice 4.x5.06.0 - comersus_Backoffice_supportError.asp?error Cross-Site Scripting
Comersus Backoffice 4.x5.06.0 - comersusBackofficesupportError.asp?error Cross-Site Scripting source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are pro...
Comersus Backoffice 4.x/5.0/6.0 - 'comersus_Backoffice_supportError.asp?error' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are prone to SQL injection attacks, information disclosure and multiple cross-site scripting attacks...
CVE-2005-3285
Cross-site scripting XSS vulnerability in comersusbackofficesearchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the 1 forwardTo1, 2 forwardTo2, 3 nameFT1, or 4 nameFT2 parameters...
CVE-2005-3285
Cross-site scripting XSS vulnerability in comersusbackofficesearchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the 1 forwardTo1, 2 forwardTo2, 3 nameFT1, or 4 nameFT2 parameters...
CVE-2005-3285
CVE-2005-3285 describes a Cross-site scripting (XSS) vulnerability in Comersus BackOffice Plus, specifically in comersus_backoffice_searchItemForm.asp. The issue allows remote attackers to inject arbitrary web script or HTML via the parameters forwardTo1, forwardTo2, nameFT1, or nameFT2. The vuln...
[SA17219] Comersus Power Pack Premium Cross-Site Scripting Vulnerabilities
TITLE: Comersus Power Pack Premium Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA17219 VERIFY ADVISORY: http://secunia.com/advisories/17219/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Comersus Power Pack Premium http://secunia.com/product/5887/...
Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities
Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...
CVE-2005-2190
Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the 1 email parameter to comersusoptAffiliateRegistrationExec.asp or 2 idProduct parameter to comersusoptReviewReadExec.asp...
CVE-2005-2191
Multiple cross-site scripting XSS vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the 1 name parameter to comersusbackofficelistAssignedPricesToCustomer.asp or 2 message parameter to comersusbackofficemessage.asp...