Lucene search
K

18 matches found

NVD
NVD
added 2026/06/19 6:17 a.m.14 views

CVE-2026-11989

The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the uploadattachment. This makes it possible for unauthenticated attackers to make web...

6.5CVSS0.00312EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.14 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 6:29 p.m.46 views

CVE-2026-42879 FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3CVSS0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 6:29 p.m.16 views

CVE-2026-42879 FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:29 p.m.11 views

CVE-2026-42879

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2004-2689

Malware in sbrugna...

4.3CVSS6.4AI score0.0217EPSS
Exploits1References8
Packet Storm
Packet Storm
added 2023/03/31 12:0 a.m.746 views

WordPress WooCommerce 7.1.0 Remote Code Execution

Title: Wordpress Plugin WooCommerce v7.1.0 - Remote Code ExecutionRCE Date: 2022-12-07 Author: Milad Karimi Vendor Homepage: https://wordpress.org/plugins/woocommerce Software Link: https://wordpress.org/plugins/woocommerce Tested on: windows 10 , firefox Version: 7.1.0 CVE : N/A Description:...

6.8AI score
Exploits0
0day.today
0day.today
added 2020/07/01 12:0 a.m.134 views

Online Shopping Portal 3.1 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Portal 3.1 - Authentication Bypass Exploit Author: Ümit Yalçın Vendor Homepage: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10 / WampServer 1- Authentication Bypass Go to...

0.1AI score
Exploits0
OSV
OSV
added 2020/03/02 2:15 p.m.5 views

CVE-2018-17058

An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs ...

8.8CVSS5.9AI score0.01324EPSS
Exploits0References1
Akamai Blog
Akamai Blog
added 2019/11/06 4:0 p.m.65 views

Mobile Window Shopping Climbs, But Sites Are Still Failing Users

This Diwali we saw mobile usage increase 24% over 2018, at the expense of desktop and tablet devices, as mobile shoppers continued to research before buying, even while in a store. At the same time, bounce rates increased, which means shoppers were likely dissatisfied with their experience and...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2019/04/10 3:50 p.m.51 views

Shopify: Unpublished Product Images can be disclosed

Hi, This looks like a minor issue but felt like it was something worth reporting. Ideally, a product can be published or remain unpublished on any sales channel. If a product remains unpublished, then no information regarding it must be visible to public including product pictures. But I found an...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2014/01/08 12:0 a.m.58 views

UAEPD Shopping Script SQL Injection

uaepd script – Multiple Sql Injection Vulnerabilty ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.uaepd.net/ .:. Dork :...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2012/10/30 2:35 p.m.13 views

EFF Raises Questions on Privacy Leaks in Ubuntu

The EFF is warning users of Ubuntu’s latest release that the open-source operating system sends their search queries to third parties, including Amazon, by default, and that some of their search results may be viewable by other users on the same network. The privacy leaks are present in Ubuntu...

6.6AI score
Exploits0References4
0day.today
0day.today
added 2012/08/24 12:0 a.m.37 views

Bitcart Remote File Upload

Exploit for php platform in category web applications Exploit Title: Bitcart Remote File Upload Date: 23/08/2012 Author: DaOne @LibyanCA Vendor: http://www.bit-cart.com/ Price: $399 Google dork: intext:"Shopping cart developed By Bitwords Media" Exploit http://site.com/upload.php Find Your Ev!L o...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/08/15 12:0 a.m.29 views

MobileCartly 1.0 Remote File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: MobileCartly 1.0 Remote File Upload Vulnerability Google Dork: - Date: 14/08/2012 Exploit Author: ICheerNo0M Vendor Homepage: http://icheernoom.blogspot.com/ Software Link: http://mobilecartly.com/mobilecartly.zip Version: 1.0...

7.1AI score
Exploits0
CVE
CVE
added 2007/10/06 9:0 p.m.43 views

CVE-2004-2699

CVE-2004-2699 : deleteicon.aspx in AspDotNetStorefront 3.3 allows an unauthenticated remote attacker to delete arbitrary product images by modifying the ProductID parameter. This affects image integrity (partial impact) per the NVD CVSS2 vector (AV:N/AC:M/Au:N/C:N/I:P/A:N) with a base score of 4....

4.3CVSS7.2AI score0.0217EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2007/10/06 9:0 p.m.18 views

CVE-2004-2699

deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter...

6.8AI score0.0217EPSS
Exploits1References7
NVD
NVD
added 2004/12/31 5:0 a.m.14 views

CVE-2004-2699

deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter...

4.3CVSS6.8AI score0.0217EPSS
Exploits1References7
Rows per page
Query Builder