74 matches found
CVE-2012-1664
osCMax 2.5.1 fixes CVE-2012-1664 (and related CVE-2012-1665) XSS and SQLi vulnerabilities in the admin panel. The advisory describes multiple reflected XSS vectors in admin/login.php, admin/new_attributes_include.php, admin/htaccess.php, admin/information_form.php, admin/xsell.php, and several st...
osCMax 2.0 (fckeditor) Remote File Upload
No description provided by source. Title: osCMax 2.0 fckeditor Remote File Upload Vendor: http://www.oscdox.com Dork: Powered by osCMax v2.0 , Copyright @ RahnemaCo.com AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisor...
osCmax跨站请求伪造漏洞
Bugtraq ID:66272 osCmax是一款免费的PHP开源商城。 osCmax存在跨站请求伪造漏洞,允许远程攻击者构建恶意URI,诱使用户解析,可以目标用户上下文执行恶意操作,如添加管理员账户。 0 osCmax 2.5.X 目前没有详细解决方案提供: http://www.oscmax.com/ html form method="post" name="newmember" action="http://127.0.0.1/catalog/admin/adminmembers.php?action=membernewpage=1mID=1" input...
osCMax 2.5 - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/66272/info osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks...
osCMax 2.5 - Cross-Site Request Forgery
osCMax 2.5 - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/66272/info osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions...
osCmax 2.5.x Cross Site Request Forgery
Author: TUNISIAN CYBER + Exploit Title: osCmax 2.5.X Cross-Site Request Forgery Add Admin Vulnerability + Date: 15-03-2014 + Category: WebApp + Version: 2.5.X + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-302 + Vendor: http://www.oscmax.com/ + Friendly Sites: na3il.com,th3-creative.com +...
osCmax 2.5.X Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications + Author: TUNISIAN CYBER + Exploit Title: osCmax 2.5.X Cross-Site Request Forgery Add Admin Vulnerability + Date: 15-03-2014 + Category: WebApp + Version: 2.5.X + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-302 + Vendor: http://www.oscmax.co...
osCmax e-Commerce 2.5.3 Cross Site Scripting / Shell Upload
Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail : submitat1337day.com 1 0 0 1 1 0 I'm KedAns-Dz member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Title : osCmax...
osCMax - Arbitrary File Upload / Full Path Information Disclosure
source: https://www.securityfocus.com/bid/64307/info osCMax is prone to an arbitrary file-upload vulnerability and an information-disclosure vulnerability . Attackers can exploit these issues to obtain sensitive information and upload arbitrary files. This may aid in other attacks. osCMax 2.5.3 i...
osCMax - Arbitrary File Upload Full Path Information Disclosure
osCMax - Arbitrary File Upload Full Path Information Disclosure source: https://www.securityfocus.com/bid/64307/info osCMax is prone to an arbitrary file-upload vulnerability and an information-disclosure vulnerability . Attackers can exploit these issues to obtain sensitive information and uploa...
osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities
Title: ====== osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities Date: ===== 2012-04-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=497 VL-ID: ===== 497 Introduction: ============= osCMax is a powerful e-commerce/shopping cart web application. There are many...
Multiple vulnerabilities in osCmax
Advisory ID: HTB23081 Product: osCmax Vendor: osCMax.com Vulnerable Versions: 2.5.0 and probably prior Tested Version: 2.5.0 Vendor Notification: 14 March 2012 Vendor Patch: 30 March 2012 Public Disclosure: 4 April 2012 Vulnerability Type: Cross-Site Scripting XSS, SQL Injection CVE References:...
osCmax Shop CMS 2.5.1 Cross Site Scripting
Title: ====== osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities Date: ===== 2012-04-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=497 VL-ID: ===== 497 Introduction: ============= osCMax is a powerful e-commerce/shopping cart web application. There are many...
osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities
Document Title: =============== osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=497 Release Date: ============= 2012-04-07 Vulnerability Laboratory ID VL-ID: ==================================== 497...
osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities
Document Title: =============== osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=497 Release Date: ============= 2012-04-07 Vulnerability Laboratory ID VL-ID: ==================================== 497...
osCMax 2.5 - adminstats_products_purchased.php Multiple Cross-Site Scripting Vulnerabilities
osCMax 2.5 - adminstatsproductspurchased.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize...
osCMax 2.5 - adminhtaccess.php Multiple Cross-Site Scripting Vulnerabilities
osCMax 2.5 - adminhtaccess.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied...
osCMax 2.5 - adminstats_monthly_sales.php?status Cross-Site Scripting
osCMax 2.5 - adminstatsmonthlysales.php?status Cross-Site Scripting source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input...
osCMax 2.5 - adminstats_monthly_sales.php?status SQL Injection
osCMax 2.5 - adminstatsmonthlysales.php?status SQL Injection source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting...
osCMax 2.5 - adminlogin.php?Username Cross-Site Scripting
osCMax 2.5 - adminlogin.php?Username Cross-Site Scripting source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting thes...