18 matches found
CVE-2026-11989
The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the uploadattachment. This makes it possible for unauthenticated attackers to make web...
CVE-2026-42879
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
CVE-2026-42879 FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
CVE-2026-42879 FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
CVE-2026-42879
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
EUVD-2004-2689
Malware in sbrugna...
WordPress WooCommerce 7.1.0 Remote Code Execution
Title: Wordpress Plugin WooCommerce v7.1.0 - Remote Code ExecutionRCE Date: 2022-12-07 Author: Milad Karimi Vendor Homepage: https://wordpress.org/plugins/woocommerce Software Link: https://wordpress.org/plugins/woocommerce Tested on: windows 10 , firefox Version: 7.1.0 CVE : N/A Description:...
Online Shopping Portal 3.1 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Shopping Portal 3.1 - Authentication Bypass Exploit Author: Ümit Yalçın Vendor Homepage: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10 / WampServer 1- Authentication Bypass Go to...
CVE-2018-17058
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs ...
Mobile Window Shopping Climbs, But Sites Are Still Failing Users
This Diwali we saw mobile usage increase 24% over 2018, at the expense of desktop and tablet devices, as mobile shoppers continued to research before buying, even while in a store. At the same time, bounce rates increased, which means shoppers were likely dissatisfied with their experience and...
Shopify: Unpublished Product Images can be disclosed
Hi, This looks like a minor issue but felt like it was something worth reporting. Ideally, a product can be published or remain unpublished on any sales channel. If a product remains unpublished, then no information regarding it must be visible to public including product pictures. But I found an...
UAEPD Shopping Script SQL Injection
uaepd script Multiple Sql Injection Vulnerabilty ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.uaepd.net/ .:. Dork :...
EFF Raises Questions on Privacy Leaks in Ubuntu
The EFF is warning users of Ubuntu’s latest release that the open-source operating system sends their search queries to third parties, including Amazon, by default, and that some of their search results may be viewable by other users on the same network. The privacy leaks are present in Ubuntu...
Bitcart Remote File Upload
Exploit for php platform in category web applications Exploit Title: Bitcart Remote File Upload Date: 23/08/2012 Author: DaOne @LibyanCA Vendor: http://www.bit-cart.com/ Price: $399 Google dork: intext:"Shopping cart developed By Bitwords Media" Exploit http://site.com/upload.php Find Your Ev!L o...
MobileCartly 1.0 Remote File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: MobileCartly 1.0 Remote File Upload Vulnerability Google Dork: - Date: 14/08/2012 Exploit Author: ICheerNo0M Vendor Homepage: http://icheernoom.blogspot.com/ Software Link: http://mobilecartly.com/mobilecartly.zip Version: 1.0...
CVE-2004-2699
CVE-2004-2699 : deleteicon.aspx in AspDotNetStorefront 3.3 allows an unauthenticated remote attacker to delete arbitrary product images by modifying the ProductID parameter. This affects image integrity (partial impact) per the NVD CVSS2 vector (AV:N/AC:M/Au:N/C:N/I:P/A:N) with a base score of 4....
CVE-2004-2699
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter...
CVE-2004-2699
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter...