108 matches found
commerceSQL.txt
CommerceSQL shopping cart http://commercesql.com allows remote file reading. It only needs to specially prepared page variable in index.cgi to allow reading remote files like /etc/passwd By using prepared GET page variable it allows user to read remote files Example: With...
[CommerceSQL] Remote File Read Vulnerability
CommerceSQL shopping cart http://commercesql.com allows remote file reading. It only needs to specially prepared page variable in index.cgi to allow reading remote files like /etc/passwd By using prepared GET page variable it allows user to read remote files Example: With...
CVE-2003-0416
CVE-2003-0416 affects Bandmin 1.4: the index.cgi component is vulnerable to cross-site scripting via (1) year or (2) month in showmonth, or (3) host in showhost. Root cause is improper handling of user-supplied input leading to arbitrary HTML/script insertion. Impact: potential theft of cookies o...
Boozt Standard 0.9.8 - index.cgi Buffer Overrun
Boozt Standard 0.9.8 - index.cgi Buffer Overrun // source: https://www.securityfocus.com/bid/6281/info A vulnerability has been discovered in Boozt. By passing a malicious parameter of excessive length to the index.cgi script, it is possible to overrun a buffer. This could be exploited by a remot...
Boozt Standard 0.9.8 - 'index.cgi' Buffer Overrun
// source: https://www.securityfocus.com/bid/6281/info A vulnerability has been discovered in Boozt. By passing a malicious parameter of excessive length to the index.cgi script, it is possible to overrun a buffer. This could be exploited by a remote attacker to corrupt sensitive memory, which ma...
CVE-2002-1007
Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via 1 the courseid parameter in a link to login.pl, 2 the CTID parameter in ProcessInfo.cgi, or 3 the Message parameter in index.cgi...
CVE-2002-0098
CVE-2002-0098 describes a buffer overflow in Boozt AdBanner’s index.cgi admin interface of Boozt! Standard 0.9.8. The vulnerability occurs when a long banner creation name is copied into internal arrays, allowing local arbitrary code execution or a crash. Connected sources cite a CVSS v2 base sco...
CVE-2002-0098
Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner...