2551 matches found
CVE-2006-6588
The forum implementation in the ecommerce component in the Apache Open For Business Project OFBiz trusts the 1 dataResourceTypeId, 2 contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown...
Work System eCommerce 3.0.3/3.0.4 - 'forum.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/21580/info WORK system e-commerce is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other...
SitesOutlet eCommerce Kit - Multiple SQL Injections
SitesOutlet eCommerce Kit - Multiple SQL Injections source: https://www.securityfocus.com/bid/21056/info SitesOutlet Ecommerce Kit is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issu...
SitesOutlet eCommerce Kit - Multiple SQL Injections
source: https://www.securityfocus.com/bid/21056/info SitesOutlet Ecommerce Kit is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the...
CVE-2006-5101
CVE-2006-5101 is a PHP remote file inclusion vulnerability in Comdev CSV Importer 3.1 (and possibly 4.1) used across multiple Comdev components (Contact Form, Helpdesk, Events Calendar, FAQ/Support, Guestbook, Links Directory, News Publisher, Newsletter, Photo Gallery, Vote Caster, Web Blogger, e...
CVE-2006-5096
Multiple cross-site scripting XSS vulnerabilities in index.php in VirtueMart formerly known as mambo-phpShop Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a 1 comcontact or 2 subscribe action...
VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities
VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities Status: Reported to the Vendor 09/26/2006 Class: Input Validation Error Severity: Low Software Description: VirtueMart formerly known as mambo-phpShop is an Open Source E-Commerce solution to be used together with a Content...
Comdev eCommerce 3.1 :) <= Remote File Inclusion
+-------------------------------------------------------------------- + + Comdev eCommerce 3.1 : = Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: Comdev eCommerce 3.1 + Venedor ...........: http://www.comdevweb.com + Class...
Joomla! Component VirtueMart Joomla! eCommerce Edition 1.0.11 - Multiple Input Validation Vulnerabilities
Joomla! Component VirtueMart Joomla! eCommerce Edition 1.0.11 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/20236/info VirtueMart Joomla eCommerce Edition is prone to multiple input-validation vulnerabilities because the application fails to properly saniti...
Joomla! Component VirtueMart Joomla! eCommerce Edition 1.0.11 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/20236/info VirtueMart Joomla eCommerce Edition is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary HTML and script code in...
cubecart_3011_adv.txt
-------------------------------------------------------------------------------- CubeCart alertdocument.cookie http://target/pathtocubecart/admin/filemanager/preview.php?file=1&x="alertdocument.cookie http://target/pathtocubecart/admin/filemanager/preview.php?file=1&y="alertdocument.cookie...
CubeCart <= 3.0.11 SQL injection & cross site scripting
-------------------------------------------------------------------------------- CubeCart = 3.0.11 SQL injection & cross site scripting software: site: http://www.cubecart.com/site/home/ description: "CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful...
CVE-2006-3137
Cross-site scripting XSS vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cartid parameter...
CVE-2006-3137
Cross-site scripting XSS vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cartid parameter...
CVE-2006-3137
CVE-2006-3137 describes a Cross-site Scripting (XSS) vulnerability in Edge eCommerce Shop, specifically in productDetail.asp, where an attacker can inject arbitrary script via the cart_id parameter. The affected component is the Edge eCommerce Shop web application; the root cause is unsanitized i...
Sql injection
SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE...
CVE-2006-1098
Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the 1 informationID or 2 ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that thi...
CVE-2006-1109
SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE...
CVE-2006-1098
NZ Ecommerce is affected by multiple SQL injection vulnerabilities exploitable via index.php with the informationID or ParentCategory parameters. The root cause is improper input handling that allows arbitrary SQL execution. Impact is remote compromise of the database as described in sources; exp...
CVE-2006-1096
CVE-2006-1096 affects NZ Ecommerce, specifically the XSS in index.php via the action parameter. The vulnerability is a stored/ reflected-type cross-site scripting issue that allows remote attackers to inject arbitrary script or HTML. The vendor’s dispute is noted in multiple sources; no concrete ...