14 matches found
EUVD-2020-21452
Malware in sbrugna...
EUVD-2018-10670
Malware in sbrugna...
EUVD-2020-20467
Malware in sbrugna...
EUVD-2018-10669
Malware in sbrugna...
CVE-2012-5798
The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2024-22724
An issue discovered in osCommerce v4 allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrator profile photo upload feature...
osCommerce SQL Injection Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. An SQL injection vulnerability exists in osCommerce, which originates from the lack of validation of the parameter estimatecountryid in the file /b2b-supermarket/shopping-cart against externally entered...
osCommerce 2.2 - '/admin/products_attributes.php?page' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attack...
CVE-2004-2638
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the inlogin parameter to a non-zero value...
oscommerce 2.2 file_manager.php file browsing
l0om - l0omatexcluded.org - www.excluded.org greets, while i was "warsearching" with google i suddenly have been on the admin interfaces of many oscommerce sites. i made a: allinurl:admin/filemanager.php for normal you can only view your oscommerce directories, but if you type in the following you...
osCommerce 2.2 - 'osCsid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9238/info It has been reported that osCommerce may be prone to a cross-site scripting vulnerability that may allow an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser. Successful exploitation o...
[IPS] osCommerce multiple XSS vulnerabilities
iProyectos Security Advisory: XSS Bugs in osCommerce 1. Problem description. 2. Risk 3. Solution 4. Manual fix 5. About iProyectos ------------------------------------ 1. Problem description: osCommerce is a widely installed open source shopping e-commerce solution. Some XSS cross-site scripting...
PHP source injection in osCommerce
PHP source injection in osCommerce ---------------------------------- Product Description osCommerce is an open source e-commerce solution under ongoing development by the open source community. Its feature packed out-of-the-box installation allows store owners to setup, run, and maintain their...
osCommerce 2.1 - Remote File Inclusion
source: https://www.securityfocus.com/bid/5037/info osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the...