Lucene search
K

2551 matches found

Cvelist
Cvelist
added 2006/12/15 7:0 p.m.27 views

CVE-2006-6588

The forum implementation in the ecommerce component in the Apache Open For Business Project OFBiz trusts the 1 dataResourceTypeId, 2 contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown...

6.7AI score0.02128EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2006/12/13 12:0 a.m.22 views

Work System eCommerce 3.0.3/3.0.4 - 'forum.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/21580/info WORK system e-commerce is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/11/15 12:0 a.m.14 views

SitesOutlet eCommerce Kit - Multiple SQL Injections

SitesOutlet eCommerce Kit - Multiple SQL Injections source: https://www.securityfocus.com/bid/21056/info SitesOutlet Ecommerce Kit is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issu...

8.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/11/15 12:0 a.m.23 views

SitesOutlet eCommerce Kit - Multiple SQL Injections

source: https://www.securityfocus.com/bid/21056/info SitesOutlet Ecommerce Kit is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the...

7AI score
Exploits0
CVE
CVE
added 2006/10/02 8:0 p.m.47 views

CVE-2006-5101

CVE-2006-5101 is a PHP remote file inclusion vulnerability in Comdev CSV Importer 3.1 (and possibly 4.1) used across multiple Comdev components (Contact Form, Helpdesk, Events Calendar, FAQ/Support, Guestbook, Links Directory, News Publisher, Newsletter, Photo Gallery, Vote Caster, Web Blogger, e...

7.5CVSS7.9AI score0.03747EPSS
Exploits0References53Affected Software1
Cvelist
Cvelist
added 2006/09/29 9:0 p.m.17 views

CVE-2006-5096

Multiple cross-site scripting XSS vulnerabilities in index.php in VirtueMart formerly known as mambo-phpShop Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a 1 comcontact or 2 subscribe action...

5.9AI score0.02084EPSS
Exploits1References6
securityvulns
securityvulns
added 2006/09/28 12:0 a.m.79 views

VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities

VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities Status: Reported to the Vendor 09/26/2006 Class: Input Validation Error Severity: Low Software Description: VirtueMart formerly known as mambo-phpShop is an Open Source E-Commerce solution to be used together with a Content...

1.7AI score
Exploits0
securityvulns
securityvulns
added 2006/09/28 12:0 a.m.45 views

Comdev eCommerce 3.1 :) <= Remote File Inclusion

+-------------------------------------------------------------------- + + Comdev eCommerce 3.1 : = Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: Comdev eCommerce 3.1 + Venedor ...........: http://www.comdevweb.com + Class...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2006/09/27 12:0 a.m.11 views

Joomla! Component VirtueMart Joomla! eCommerce Edition 1.0.11 - Multiple Input Validation Vulnerabilities

Joomla! Component VirtueMart Joomla! eCommerce Edition 1.0.11 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/20236/info VirtueMart Joomla eCommerce Edition is prone to multiple input-validation vulnerabilities because the application fails to properly saniti...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/27 12:0 a.m.22 views

Joomla! Component VirtueMart Joomla! eCommerce Edition 1.0.11 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/20236/info VirtueMart Joomla eCommerce Edition is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary HTML and script code in...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2006/08/27 12:0 a.m.23 views

cubecart_3011_adv.txt

-------------------------------------------------------------------------------- CubeCart alertdocument.cookie http://target/pathtocubecart/admin/filemanager/preview.php?file=1&x="alertdocument.cookie http://target/pathtocubecart/admin/filemanager/preview.php?file=1&y="alertdocument.cookie...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/08/18 12:0 a.m.50 views

CubeCart <= 3.0.11 SQL injection & cross site scripting

-------------------------------------------------------------------------------- CubeCart = 3.0.11 SQL injection & cross site scripting software: site: http://www.cubecart.com/site/home/ description: "CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful...

0.1AI score
Exploits0
NVD
NVD
added 2006/06/22 10:6 p.m.13 views

CVE-2006-3137

Cross-site scripting XSS vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cartid parameter...

4.3CVSS5.7AI score0.01158EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/06/22 10:0 p.m.17 views

CVE-2006-3137

Cross-site scripting XSS vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cartid parameter...

5.7AI score0.01158EPSS
Exploits0References4
CVE
CVE
added 2006/06/22 10:0 p.m.37 views

CVE-2006-3137

CVE-2006-3137 describes a Cross-site Scripting (XSS) vulnerability in Edge eCommerce Shop, specifically in productDetail.asp, where an attacker can inject arbitrary script via the cart_id parameter. The affected component is the Edge eCommerce Shop web application; the root cause is unsanitized i...

4.3CVSS5.9AI score0.01158EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2006/03/09 1:6 p.m.15 views

Sql injection

SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE...

7.5CVSS9AI score0.01292EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2006/03/09 1:6 p.m.16 views

CVE-2006-1098

Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the 1 informationID or 2 ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that thi...

7.5CVSS8.4AI score0.01123EPSS
Exploits0References5
NVD
NVD
added 2006/03/09 1:6 p.m.9 views

CVE-2006-1109

SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE...

7.5CVSS8.3AI score0.01292EPSS
Exploits1References7
CVE
CVE
added 2006/03/09 11:0 a.m.36 views

CVE-2006-1098

NZ Ecommerce is affected by multiple SQL injection vulnerabilities exploitable via index.php with the informationID or ParentCategory parameters. The root cause is improper input handling that allows arbitrary SQL execution. Impact is remote compromise of the database as described in sources; exp...

7.5CVSS8.5AI score0.01123EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2006/03/09 11:0 a.m.37 views

CVE-2006-1096

CVE-2006-1096 affects NZ Ecommerce, specifically the XSS in index.php via the action parameter. The vulnerability is a stored/ reflected-type cross-site scripting issue that allows remote attackers to inject arbitrary script or HTML. The vendor’s dispute is noted in multiple sources; no concrete ...

4.3CVSS5.7AI score0.01221EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder