Lucene search
K

40 matches found

NVD
NVD
added 2014/03/24 4:43 p.m.23 views

CVE-2012-6430

Cross-site scripting XSS vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

4.3CVSS5.6AI score0.0391EPSS
Exploits3References8
ATTACKERKB
ATTACKERKB
added 2014/03/24 4:43 p.m.5 views

CVE-2012-6430

Cross-site scripting XSS vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

4.3CVSS5.6AI score0.0391EPSS
Exploits4References9
Prion
Prion
added 2014/03/24 4:43 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

4.3CVSS6AI score0.0391EPSS
Exploits4References8Affected Software2
Cvelist
Cvelist
added 2014/03/24 2:0 p.m.30 views

CVE-2012-6430

Cross-site scripting XSS vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

5.6AI score0.0391EPSS
Exploits3References8
CVE
CVE
added 2014/03/24 2:0 p.m.58 views

CVE-2012-6430

The CVE-2012-6430 entry describes a Cross-Site Scripting (XSS) vulnerability in OpenSolution Quick.Cms 5.0 and Quick.Cart 6.0 (and possibly earlier) where unsafely processed data in PATH_INFO to admin.php allows remote attackers to execute arbitrary scripts. The issue originates from insufficient...

4.3CVSS5.7AI score0.0391EPSS
Exploits3References8Affected Software2
NVD
NVD
added 2012/11/27 4:49 a.m.13 views

CVE-2012-6049

Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via 1 a long string or 2 invalid characters in a cookie, which reveals the installation path in an error message...

5CVSS6.2AI score0.01354EPSS
Exploits0References3
Prion
Prion
added 2012/11/27 4:49 a.m.15 views

Design/Logic Flaw

Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via 1 a long string or 2 invalid characters in a cookie, which reveals the installation path in an error message...

5CVSS6.7AI score0.01354EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/11/27 2:0 a.m.19 views

CVE-2012-6049

Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via 1 a long string or 2 invalid characters in a cookie, which reveals the installation path in an error message...

6.2AI score0.01354EPSS
Exploits0References3
CVE
CVE
added 2012/11/27 2:0 a.m.48 views

CVE-2012-6049

Open Solution Quick.Cart 5.0 contains an information-disclosure flaw in cookie handling: remote attackers can trigger error messages that reveal the installation path via a long string or invalid characters in a cookie. The affected product/version is stated as Quick.Cart 5.0; the vulnerability a...

5CVSS6.4AI score0.01354EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/06/08 4:30 p.m.14 views

CVE-2007-3138

Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in an sLanguage cookie, which is used to define a value in config/general.php...

7.5CVSS7.1AI score0.02904EPSS
Exploits1References6
Cvelist
Cvelist
added 2007/06/08 4:0 p.m.23 views

CVE-2007-3138

Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in an sLanguage cookie, which is used to define a value in config/general.php...

7.1AI score0.02904EPSS
Exploits1References6
CVE
CVE
added 2007/06/08 4:0 p.m.44 views

CVE-2007-3138

CVE-2007-3138 affects Open Solution Quick.Cart 2.2 and earlier. A directory traversal flaw allows remote attackers to cause local file inclusion via a .. in the sLanguage cookie, which is used to define a value in config/general.php. The vulnerability can impact confidentiality, integrity, and av...

7.5CVSS7.2AI score0.02904EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2007/01/16 11:28 p.m.23 views

CVE-2007-0258

Cross-site scripting XSS vulnerability in index.php in 1 Fastilo 2.0 and 2 Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information...

6.8CVSS5.8AI score0.01913EPSS
Exploits1References10
CVE
CVE
added 2007/01/16 11:0 p.m.53 views

CVE-2007-0258

CVE-2007-0258 is an XSS vulnerability in the web application code paths for 1) Fastilo 2.0 and 2) Open Solution Quick.Cart 2.0, specifically in index.php where the p parameter can be used to inject arbitrary script/HTML. The connected sources consistently describe the issue as a cross-site script...

6.8CVSS5.8AI score0.01913EPSS
Exploits1References10Affected Software2
NVD
NVD
added 2006/12/08 1:28 a.m.12 views

CVE-2006-6391

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include arbitrary files via a .. dot dot in the configdbtype parameter to 1 actionsadmin/other.php and 2 actionsclient/gallery.ph...

6.8CVSS6.7AI score0.01883EPSS
Exploits1References1
NVD
NVD
added 2006/12/08 1:28 a.m.13 views

CVE-2006-6390

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...

6.8CVSS7.3AI score0.02127EPSS
Exploits1References5
Cvelist
Cvelist
added 2006/12/08 1:0 a.m.16 views

CVE-2006-6391

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include arbitrary files via a .. dot dot in the configdbtype parameter to 1 actionsadmin/other.php and 2 actionsclient/gallery.ph...

6.7AI score0.01883EPSS
Exploits1References1
Cvelist
Cvelist
added 2006/12/08 1:0 a.m.20 views

CVE-2006-6390

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...

7.3AI score0.02127EPSS
Exploits1References5
CVE
CVE
added 2006/12/08 1:0 a.m.56 views

CVE-2006-6391

CVE-2006-6391 affects Open Solution Quick.Cart 2.0. The issue is a directory traversal vulnerability that allows remote attackers to include arbitrary files via a .. in the config[db_type] parameter sent to actions_admin/other.php and actions_client/gallery.php when register_globals is enabled an...

6.8CVSS7AI score0.01883EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2006/12/08 1:0 a.m.43 views

CVE-2006-6390

CVE-2006-6390 concerns multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0 . When register_globals is enabled and magic_quotes_gpc is disabled, remote attackers can exploit a .. path in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php,...

6.8CVSS7.7AI score0.02127EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder