EUVD-2012-1674
Malware in sbrugna...
EUVD-2012-1675
Malware in sbrugna...
EUVD-2012-6533
Malware in sbrugna...
EUVD-2007-4940
Malware in sbrugna...
osCmax 2.5.4 Code Execution / CSRF / Local File Inclusion
Advisory ID: HTB23285 Product: osCmax Vendor: http://oscmax.com/ Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Public Disclosure: February 17, 2016 Vulnerability Type: PH...
RCE via CSRF in osCmax
High-Tech Bridge Security Research Lab discovered 2 PHP Local File Inclusion vulnerabilities in osCmax, a popular web-based e-commerce application and shopping cart. The vulnerabilities can be exploited to execute arbitrary PHP code on the target system. Successful exploitation of these...
osCMax e-commerce/shopping-cart Detection
Detects the installed version of osCMax e-commerce/shopping-cart. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...
osCMax e-commerce/shopping-cart Multiple Vulnerabilities
osCMax is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oscmax:oscmax"; ifdescription...
Multiple Cross-Site Request Forgery Vulnerabilities in osCMax
osCMax is a PHP-based open source e-commerce system/shopping cart application that supports multi-language, SSL-secured transactions, multiple payment methods, regional shipping conversion, printing invoices and more. Multiple cross-site request forgery vulnerabilities exist in versions of osCMax...
CVE-2012-6691
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter...
CVE-2012-1665
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to...
CVE-2012-1664
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to...
Sql injection
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to...
CVE-2012-1664
osCMax 2.5.1 fixes CVE-2012-1664 (and related CVE-2012-1665) XSS and SQLi vulnerabilities in the admin panel. The advisory describes multiple reflected XSS vectors in admin/login.php, admin/new_attributes_include.php, admin/htaccess.php, admin/information_form.php, admin/xsell.php, and several st...
CVE-2012-1665
CVE-2012-1665 affects osCMax prior to v2.5.1 with multiple SQL injection flaws in the admin panel. The vulnerabilities allow remote attackers to inject SQL via: (1) username in admin/login.php, (2) status in admin/stats_monthly_sales.php, and (3) country in admin/create_account_process.php. These...