29 matches found
EUVD-2003-1221
Malware in sbrugna...
EUVD-2005-2623
Malware in sbrugna...
EUVD-2005-2622
Malware in sbrugna...
EUVD-2005-2624
Malware in sbrugna...
Soft4e ECW-Shop 6.0.2 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14576/info ECW Shop is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. The consequences of this attack ma...
ECW Shop 6.0.2 Index.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14578/info ECW Shop is prone to a cross-site scripting vulnerability. This issue is due to a lack of proper sanitization of user-supplied input. This type of exploitation could allow for theft of cookie-based authenticati...
Soft4e ECW-Shop 6.0.2 Index.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14579/info ECW Shop is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-suppli...
CVE-2005-2623
ECW-Shop 6.0.2 is affected. A remote attacker can specify a negative quantity for an item, causing the item price to be subtracted from the cart total, which impacts cart integrity. The NVD entry notes a base score of 5.0 (Medium) with the impact on integrity as PARTIAL and no confidentiality or ...
CVE-2005-2623
ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost...
CVE-2003-1231
CVE-2003-1231: Cross-site scripting (XSS) in ECW-Shop 5.5 (index.php) allows remote attackers to inject arbitrary script/HTML via the cat parameter. The provided sources describe the vulnerability but do not include explicit exploit code, affected versions beyond 5.5, or remediation steps. No add...
CVE-2005-2622
Cross-site scripting XSS vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the 1 max or 2 ctg parameter...
CVE-2005-2621
index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the 1 min or 2 max parameter with a "'" single quote, which reveals the path in an error message, possibly due to a SQL injection vulnerability...
CVE-2005-2622
Cross-site scripting XSS vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the 1 max or 2 ctg parameter...
CVE-2005-2621
index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the 1 min or 2 max parameter with a "'" single quote, which reveals the path in an error message, possibly due to a SQL injection vulnerability...
CVE-2005-2622
The CVE-2005-2622 entry concerns ECW-Shop 6.0.2. The affected component is index.php, with a vulnerability in the parameters (1) max and (2) ctg that allows cross-site scripting (XSS). The NVD entry lists a CVSSv2 base score of 4.3 (Medium) with network attack vector, requiring no authentication,...
CVE-2005-2621
Affected software: ECW-Shop 6.0.2 (index.php). Vulnerability details: Remote attackers can supply the parameters (1) min or (2) max containing a single quote to trigger an error message that reveals the path, suggesting a possible SQL injection vulnerability. The issue exposes sensitive informati...
CVE-2003-1231
Cross-site scripting XSS vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CVE-2005-2623
ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost...
[SA16459] ECW-Shop SQL Injection and Cross-Site Scripting Vulnerabilities
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
ECWshop.txt
Hello All, I have discovered a number of remote vulnerabilities in: ECW Shop 6.0.2 Authors Site: http://www.soft4e.com/ ECW Shop is described by its authors as: ECW-Shop - simple for use featured shopping cart with ability to use Excel or Access format for database...