Lucene search
+L

2561 matches found

Packet Storm
Packet Storm
added 2005/02/25 12:0 a.m.21 views

CubeCart204.txt

Hello All, I have discovered a number of remote vulnerabilities in: CubeCart 2.0.4. Authors Site: http://www.cubecart.com CubeCart is described by its authors as: 'What is CubeCart? CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as lo...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/01/27 12:0 a.m.30 views

[UNIX] Comdev eCommerce Cross Site Scripting

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2005/01/25 12:0 a.m.13 views

Comdev eCommerce 3.0 - index.php Multiple Cross-Site Scripting Vulnerabilities

Comdev eCommerce 3.0 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12382/info Comdev eCommerce is reported prone to multiple cross-site scripting vulnerabilities. These may facilitate theft of cookie-based authentication credentials as well as...

Exploits0
Exploit DB
Exploit DB
added 2005/01/25 12:0 a.m.23 views

Comdev eCommerce 3.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/12382/info Comdev eCommerce is reported prone to multiple cross-site scripting vulnerabilities. These may facilitate theft of cookie-based authentication credentials as well as other attacks. Comdev eCommerce 3.0 is reported prone to these issues. It is...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2004/02/18 12:0 a.m.35 views

ZH2004-07SA.txt

ZH2004-07SA security advisory: Multiple Sql injection vulnerabilities in Online Store Kit 3.0 Products Lite - Standard and Pro Published: 17 february 2004 Released: 17 february 2004 Name: Online Store Kit Products Lite - Standard - Pro Affected Systems: 3.0 Issue: Sql Injection Vulnerability...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/02/17 12:0 a.m.22 views

Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities

The remote host is running Ecommerce Corporation Online Store Kit, a web-based e-commerce CGI suite. There is a SQL injection vulnerability in the 'id' parameter of 'more.php'. This could allow a remote attacker to execute arbitrary SQL commands, which could be used to take control of the databas...

10CVSS6AI score0.0517EPSS
Exploits2References2
securityvulns
securityvulns
added 2003/07/17 12:0 a.m.36 views

ZH2003-9SA (security advisory): .netCart information disclusure

ZH2003-9SA security advisory: .netCart information disclusure Published: 16/07/2003 Released: 16/07/2003 Name: .netCart Affected Systems: All versions ? Issue: Remote attackers can obtain admin information including passwords Author: [email protected] Description Zone-h Security Team has...

1AI score
Exploits0
securityvulns
securityvulns
added 2003/07/04 12:0 a.m.35 views

Another ProductCart SQL Injection Vulnerability

ProductCart SQL Injection Vulnerability 1ndonesian Security Team 1st http://bosen.net/releases/ =============================================================================== Security Advisory Advisory Name: ProductCart SQL Injection Vulnerability Release Date: 06/20/2003 Application: ProductCar...

8.2AI score
Exploits0
exploitpack
exploitpack
added 2003/02/17 12:0 a.m.21 views

eCommerce Corporation Online Store Kit 3.0 - More.php Cross-Site Scripting

eCommerce Corporation Online Store Kit 3.0 - More.php Cross-Site Scripting source: https://www.securityfocus.com/bid/9676/info Multiple vulnerabilities have been identified in the software due to improper sanitization of user-supplied input. Successful exploitation of these issues could allow an...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2003/02/17 12:0 a.m.15 views

eCommerce Corporation Online Store Kit 3.0 - More.php?id SQL Injection

eCommerce Corporation Online Store Kit 3.0 - More.php?id SQL Injection source: https://www.securityfocus.com/bid/9676/info Multiple vulnerabilities have been identified in the software due to improper sanitization of user-supplied input. Successful exploitation of these issues could allow an...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2003/02/17 12:0 a.m.25 views

eCommerce Corporation Online Store Kit 3.0 - 'More.php?id' SQL Injection

source: https://www.securityfocus.com/bid/9676/info Multiple vulnerabilities have been identified in the software due to improper sanitization of user-supplied input. Successful exploitation of these issues could allow an attacker to carry out cross-site scripting and SQL injection attacks via th...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/10/14 12:0 a.m.36 views

[SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: MD5 - -- Webserver 4D v3.6 Weak Password Preservation Vulnerability -- - -- Type Design Error - -- Release Date September 25, 2002 - -- Product / Vendor Webserver 4D by MDG Computer Services, Inc. is an complete Web Server environment written entirely on t...

7AI score
Exploits0
securityvulns
securityvulns
added 2002/07/16 12:0 a.m.26 views

Again NULL and addslashes() (now in 123tkshop)

Hi! Ok, another announce about a php application containing unslashed SQL-Queries and bad include/require statements. Several problems in 123tkshop ------------------------------------- What is 123tkshop? 123tkshop is a ecommerce software written in php. It's providing a full featured online shop...

6.8AI score
Exploits0
NVD
NVD
added 2002/03/25 5:0 a.m.14 views

CVE-2002-0124

MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote attackers to exploit directory traversal vulnerability via a ../ dot dot containing URL-encoded slashes in the HTTP request...

5CVSS6.6AI score0.02039EPSS
Exploits0References3
securityvulns
securityvulns
added 2002/01/15 12:0 a.m.56 views

Web Server 4D/eCommerce 3.5.3 Directory Traversal Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Web Server 4D/eCommerce 3.5.3 Directory Traversal Vulnerability Type: Directory Traversal Release Date: December 15, 2002 Product / Vendor: Web Server 4D/eCommerce is a single application that includes a shopping cart, credit card authorization, and...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2002/01/15 12:0 a.m.30 views

Web Server 4D/eCommerce 3.5.3 DoS Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability Type: DoS, crashes Daemon Release Date: December 15, 2002 Product / Vendor: Web Server 4D/eCommerce is a single application that includes a shopping cart, credit card authorization, and order tracking - ...

6.7AI score
Exploits0
exploitpack
exploitpack
added 2001/06/18 12:0 a.m.37 views

DC Scripts DCShop Beta 1.0 02 - File Disclosure (1)

DC Scripts DCShop Beta 1.0 02 - File Disclosure 1 source: https://www.securityfocus.com/bid/2889/info DCShop is a GCI-based ecommerce system from DCScripts. Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential ord...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2001/06/18 12:0 a.m.52 views

DC Scripts DCShop Beta 1.0 02 - File Disclosure (2)

DC Scripts DCShop Beta 1.0 02 - File Disclosure 2 source: https://www.securityfocus.com/bid/2889/info DCShop is a GCI-based ecommerce system from DCScripts. Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential ord...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 1999/11/09 12:0 a.m.29 views

cobalt.cgiwrap.txt

There is a problem actually several with the "cgiwrap" program on Cobalt RaQ2 servers. It is supposed to run CGI programs as the proper user instead of "nobody" to make CGIs a little more secure. The Cobalt directory structure is as follows: /home/sites/site1/ - top level directory of the site...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 1999/07/09 12:0 a.m.37 views

IBM Lotus Domino ?open Forced Directory Listing

It is possible to browse the remote web server directories by appending '?open' to the end of the URL. For example : http://www.example.com/?open Data that can be accessed by unauthorized users may include usernames, server names and IP addresses, dial-up server phone numbers, administration logs...

5.6AI score
Exploits0References2
Rows per page
Query Builder