40 matches found
CVE-2012-6430
Cross-site scripting XSS vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...
CVE-2012-6430
Cross-site scripting XSS vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...
Cross site scripting
Cross-site scripting XSS vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...
CVE-2012-6430
Cross-site scripting XSS vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...
CVE-2012-6430
The CVE-2012-6430 entry describes a Cross-Site Scripting (XSS) vulnerability in OpenSolution Quick.Cms 5.0 and Quick.Cart 6.0 (and possibly earlier) where unsafely processed data in PATH_INFO to admin.php allows remote attackers to execute arbitrary scripts. The issue originates from insufficient...
CVE-2012-6049
Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via 1 a long string or 2 invalid characters in a cookie, which reveals the installation path in an error message...
Design/Logic Flaw
Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via 1 a long string or 2 invalid characters in a cookie, which reveals the installation path in an error message...
CVE-2012-6049
Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via 1 a long string or 2 invalid characters in a cookie, which reveals the installation path in an error message...
CVE-2012-6049
Open Solution Quick.Cart 5.0 contains an information-disclosure flaw in cookie handling: remote attackers can trigger error messages that reveal the installation path via a long string or invalid characters in a cookie. The affected product/version is stated as Quick.Cart 5.0; the vulnerability a...
CVE-2007-3138
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in an sLanguage cookie, which is used to define a value in config/general.php...
CVE-2007-3138
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in an sLanguage cookie, which is used to define a value in config/general.php...
CVE-2007-3138
CVE-2007-3138 affects Open Solution Quick.Cart 2.2 and earlier. A directory traversal flaw allows remote attackers to cause local file inclusion via a .. in the sLanguage cookie, which is used to define a value in config/general.php. The vulnerability can impact confidentiality, integrity, and av...
CVE-2007-0258
Cross-site scripting XSS vulnerability in index.php in 1 Fastilo 2.0 and 2 Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-0258
CVE-2007-0258 is an XSS vulnerability in the web application code paths for 1) Fastilo 2.0 and 2) Open Solution Quick.Cart 2.0, specifically in index.php where the p parameter can be used to inject arbitrary script/HTML. The connected sources consistently describe the issue as a cross-site script...
CVE-2006-6391
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include arbitrary files via a .. dot dot in the configdbtype parameter to 1 actionsadmin/other.php and 2 actionsclient/gallery.ph...
CVE-2006-6390
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...
CVE-2006-6391
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include arbitrary files via a .. dot dot in the configdbtype parameter to 1 actionsadmin/other.php and 2 actionsclient/gallery.ph...
CVE-2006-6390
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...
CVE-2006-6391
CVE-2006-6391 affects Open Solution Quick.Cart 2.0. The issue is a directory traversal vulnerability that allows remote attackers to include arbitrary files via a .. in the config[db_type] parameter sent to actions_admin/other.php and actions_client/gallery.php when register_globals is enabled an...
CVE-2006-6390
CVE-2006-6390 concerns multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0 . When register_globals is enabled and magic_quotes_gpc is disabled, remote attackers can exploit a .. path in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php,...