EUVD-2003-0238

Malware in sbrugna...

HappyMall E-Commerce Software Member_HTML.CGI Command Execution (CVE-2003-0243)

A command Execution Vulnerability has been reported in HappyMall E-Commerce Software. The vulnerability is due to improper filtering of the normalhtml.cgi / memberhtml.cgi scripts, while passing pipe and semi-colon characters in the URL. A remote attacker can create a specially crafted URL to cau...

HappyMall E-Commerce Software 4.3/4.4 Member_HTML.CGI Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7530/info It has been reported that a problem in the HappyMall E-Commerce software package could allow an attacker to pass arbitrary commands through the memberhtml.cgi script. This could lead to attacks against system...

Happymall E-Commerce Software 4.3/4.4 Normal_HTML.CGI File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7559/info IT has been reported that Happymall E-Commerce is prone to a file disclosure vulnerability. The problem occurs due to insufficient sanitization of user-supplied URI parameters. As a result, it may be possible fo...

Happymall E-Commerce Software 4.3/4.4 Normal_HTML.CGI Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7557/info IT has been reported that Happymall E-Commerce is prone to cross-site scripting attacks. The problem occurs due to insufficient sanitization of user-supplied URI parameters. As a result, it may be possible for a...

HappyMall E-Commerce Software 4.3/4.4 Normal_HTML.CGI Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7529/info It has been reported that a problem in the HappyMall E-Commerce software package could allow an attacker to pass arbitrary commands through the normalhtml.cgi script. This could lead to attacks against system...

HappyMall normal_html.cgi Remote Command Execution

Binary data 1539.prm...

CVE-2003-0278

Cross-site scripting XSS vulnerability in normalhtml.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter...

CVE-2003-0243

Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the 1 normalhtml.cgi or 2 memberhtml.cgi scripts...

happymall-adv.txt

Happymall E-Commerce Directory Transversal Bug and Cross-site scripting Vendor: Happycgi.com Product: Happymall Versions: 4.3, 4.4 patched version too 'normalhtml.cgi' doesn't filter user-supplied input. The well-known directory transversal and cross-site scripting XSS vulnerabilities are present...

CVE-2003-0278

CVE-2003-0278 : The NVD/NVD-derived description identifies a cross‑site scripting (XSS) vulnerability in the normal_html.cgi component of Happycgi.com Happymall versions 4.3 and 4.4. The flaw allows remote attackers to inject arbitrary web script via the file parameter. This is limited to the des...

CVE-2003-0277

The CVE-2003-0277 issue affects Happycgi Happymall (HappyMall) versions 4.3 and 4.4, where a directory traversal vulnerability is exposed in the normal_html.cgi script. The underlying problem is exploitation of .. (dot dot) sequences in the file parameter, enabling remote attackers to read arbitr...

CVE-2003-0277

Directory traversal vulnerability in normalhtml.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. dot dot sequences in the file parameter...

CVE-2003-0278

Cross-site scripting XSS vulnerability in normalhtml.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter...

One more flaw in Happymall

Happymall E-Commerce Directory Transversal Bug and Cross-site scripting Vendor: Happycgi.com Product: Happymall Versions: 4.3, 4.4 patched version too 'normalhtml.cgi' doesn't filter user-supplied input. The well-known directory transversal and cross-site scripting XSS vulnerabilities are present...

Happymall E-Commerce Software 4.3/4.4 - 'Normal_HTML.cgi' File Disclosure

source: https://www.securityfocus.com/bid/7559/info IT has been reported that Happymall E-Commerce is prone to a file disclosure vulnerability. The problem occurs due to insufficient sanitization of user-supplied URI parameters. As a result, it may be possible for an attacker to view the contents...

Happymall E-Commerce Software 4.3/4.4 - 'Normal_HTML.cgi' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7557/info IT has been reported that Happymall E-Commerce is prone to cross-site scripting attacks. The problem occurs due to insufficient sanitization of user-supplied URI parameters. As a result, it may be possible for an attacker to execute arbitrary...

Happymall E-Commerce Software 4.34.4 - Normal_HTML.cgi File Disclosure

Happymall E-Commerce Software 4.34.4 - NormalHTML.cgi File Disclosure source: https://www.securityfocus.com/bid/7559/info IT has been reported that Happymall E-Commerce is prone to a file disclosure vulnerability. The problem occurs due to insufficient sanitization of user-supplied URI parameters...

Happymall E-Commerce Software 4.34.4 - Normal_HTML.cgi Cross-Site Scripting

Happymall E-Commerce Software 4.34.4 - NormalHTML.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/7557/info IT has been reported that Happymall E-Commerce is prone to cross-site scripting attacks. The problem occurs due to insufficient sanitization of user-supplied URI...

Happymall E-Commerce Remote Command Execution

Advisory URL: http://securitytracker.com/alerts/2003/May/1006707.html Vendor: Happycgi.com Product: Happymall Versions: 4.3, 4.4 Title: Happymall E-Commerce Input Validation Flaw Lets Remote Users Execute Arbitrary Commands Description: Revin Aldi reported an input validation vulnerability in the...