21 matches found
EUVD-2010-1569
Malware in sbrugna...
EUVD-2010-1568
Malware in sbrugna...
EUVD-2007-5117
Malware in sbrugna...
CVE-2010-1541
Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php...
CVE-2010-1542
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php...
CVE-2010-1542
DFD Cart contains CSRF vulnerabilities in admin/configure.php affecting version 1.198, 1.197 and earlier. The issue allows remote attackers to hijack administrator sessions to perform (1) XSS actions or (2) changes to unspecified settings. Root cause is cross-site request forgery in admin configu...
CVE-2010-1541
CVE-2010-1541 affects DFD Cart versions 1.198, 1.197 and earlier. The documented flaw is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML through specific input parameters: (1) category and (2) list_quantity in index.php, and (...
Cross site scripting
Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-5136
Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-5136
CVE-2007-5136 is an XSS vulnerability affecting DFD Cart 1.1.4 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, with a CVSS v2 base score of 4.3 (Medium) and impacts including partial integrity but no confidentiality or availability im...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.p...
CVE-2007-5098
Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.p...
Immunity Canvas: DFDCART_INCLUDE
Name| dfdcartinclude
---|---
CVE| CVE-2007-5098
Exploit Pack| CANVAS
Description| DFD Cart Remote file inclusion
Notes| CVSS: 6.8 Repeatability: Infinite VENDOR: DFD Cart CVE Url: https://vulners.com/cve/CVE-2007-5098 CVE Name: CVE-2007-5098...
CVE-2007-5098
DFD Cart is affected by multiple PHP remote file inclusion flaws in version 1.1.4 and earlier when register_globals is on. The vulnerability allows an attacker to craft a URL for set_depth that causes inclusion of arbitrary PHP code via specific target paths in app.lib/product.control/core.php/pr...