193 matches found
Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities
No description provided by source. Salvatore "drosophila" Fresta + Application: Multi-lingual E-Commerce System + Version: 0.2 + Website: http://sourceforge.net/projects/mlecsphp/ + Bugs: A Local File Inclusion B Information Disclosure C Arbitrary File Upload + Exploitation: Remote + Date: 19 Apr...
Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications =================================================================== Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities =================================================================== Salvatore "drosophila" Fresta +...
multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities
multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities Salvatore "drosophila" Fresta + Application: Multi-lingual E-Commerce System + Version: 0.2 + Website: http://sourceforge.net/projects/mlecsphp/ + Bugs: A Local File Inclusion B Information Disclosure C Arbitrary File Upload +...
Multi-Lingual E-Commerce LFI / Disclosure / Upload
Salvatore "drosophila" Fresta + Application: Multi-lingual E-Commerce System + Version: 0.2 + Website: http://sourceforge.net/projects/mlecsphp/ + Bugs: A Local File Inclusion B Information Disclosure C Arbitrary File Upload + Exploitation: Remote + Date: 19 Apr 2009 + Discovered by: Salvatore...
Code injection
Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages."...
CVE-2006-5936
SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter...
sitexpress.txt
Aria-Security Team Advisory Original Advisory : http://aria-security.net/advisory/SiteXpress.txt ----------------------------------------------------------- Software: SiteXpress E-Commerce System Method : SQL Injection PoC: http://target/path/ http://target/path/dept.asp?id=SQL Contact:...
CVE-2006-5936
CVE-2006-5936 describes an SQL injection in dept.asp of the SiteXpress E-Commerce System, exploitable via the id parameter to allow remote execution of arbitrary SQL commands. Affected component: dept.asp in SiteXpress E-Commerce System. Root cause: improper handling of the id parameter leading t...
CosmicShoppingCart (search.php) Remote SQL Injection Vulnerability
No description provided by source. Software: CosmicShoppingCart www.cosmicphp.com Risk: Medium Discovered by: Vympel Marcelo Almeida Background: CosmicShoppingCart is a PHP / MySQL e-commerce system. It is a fully customizable, shopping cart designed. SQL injections have been found, they could be...
JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks
Indonesia Security Development Team Indohack http://indohack.sourceforge.net/drponidi =========================================================================== Security Advisory Advisory Name: JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks Platform: Linux Any, UN...
[NT] Cart32 Cross-Site Scripting
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
FishCart Integer Overflow / Rounding Error
FishCartR is a popular full-featured multi-language open source e-commerce system. It is written in PHP4 and works with a variety of database engines. It has been in production for 6 years and is in active use in a number of countries. FishCart has developers in the US and western Europe. On 8...
[UNIX] FreznoShop Cross Site Scripting Vulnerability (search.php)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...