21 matches found
CVE-2019-25496
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productsid parameter. Attackers can modify the productsid value in productinfo.php requests and append boolean-based SQL injection...
CVE-2019-25496
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productsid parameter. Attackers can modify the productsid value in productinfo.php requests and append boolean-based SQL injection...
CVE-2019-25496
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productsid parameter. Attackers can modify the productsid value in productinfo.php requests and append boolean-based SQL injection...
CVE-2019-25496 osCommerce 2.3.4.1 SQL Injection via products_id Parameter
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productsid parameter. Attackers can modify the productsid value in productinfo.php requests and append boolean-based SQL injection...
PT-2026-22364
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products id parameter. Attackers can modify the products id value in product info.php requests and append boolean-based SQL injection...
CVE-2025-24496
CVE-2025-24496 affects Tenda AC6 V5.0 V02.03.01.110. The information-disclosure flaw resides in /goform/getproductInfo; Talos notes an authentication bypass when requesting this URL, allowing a non-authenticated retrieval of module data via the generic getter, potentially exposing configuration d...
Tenda AC6 V5.0 /goform/getproductInfo information disclosure vulnerability
Talos Vulnerability Report TALOS-2025-2164 Tenda AC6 V5.0 /goform/getproductInfo information disclosure vulnerability August 20, 2025 CVE Number CVE-2025-24496 SUMMARY An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110...
Genexis Tilgin Home Gateway Cross-Site Scripting Vulnerability
Genexis Tilgin Home Gateway is a series of home gateways from Genexis, a South Korean company. A cross-site scripting vulnerability exists in the Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01090112 version, which stems from the fact that manipulation of the parameter productinfo can lead to...
AMD Data Breach: IntelBroker Claims Theft of Employee and Product Info
Advanced Micro Devices, Inc. AMD has apparently been breached by IntelBroker, a notorious hacker from the Breach Forums --- AMD has not yet confirmed the breach...
CVE-2024-3649
The Contact Form by WPForms – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to price manipulation in versions up to, and including, 1.8.7.2. This is due to a lack of controls on several product parameters. This makes it possible for unauthenticated attackers to...
CVE-2023-43703
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "productinfoname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
Cross site scripting
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information...
Siemens SIMATIC SCALANCE Device Detection (SNMP)
SNMP based detection of Siemens SIMATIC SCALANCE devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
openSUSE: Security Advisory for freerdp (openSUSE-SU-2017:2332-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for freerdp (important)
This update for freerdp fixes the following issues: - CVE-2017-2834: Out-of-bounds write in licenserecv bsc1050714 - CVE-2017-2835: Out-of-bounds write in rdprecvtpktpdu bsc1050712 - CVE-2017-2836: Rdp Client Read Server Proprietary Certificate Denial of Service bsc1050699 - CVE-2017-2837: Client...
whatmusic.com XSS vulnerability
Open Bug Bounty ID: OBB-280419 Description| Value ---|--- Affected Website:| whatmusic.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
FreeRDP Rdp Client License Read Product Info Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use ma...
WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability
Document Title: =============== WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1681 Release Date: ============= 2016-01-26 Vulnerability Laboratory ID VL-ID: ==================================== 167...
oscommerce authentication bypass
No description provided by source. This is a bug on old oscommerce / creloaded i just didn't find it in the exploit-db database on the search. Exploit Title: OsCommerce/Creloaded tell a friend authentication bypass Date: 04/02/2010 Author: Nicolas Krassas Version: $Id: tellafriend.php,v 1.1.1.1...
oscommerce authentication bypass
Exploit for php platform in category web applications This is a bug on old oscommerce / creloaded i just didn't find it in the exploit-db database on the search. Exploit Title: OsCommerce/Creloaded tell a friend authentication bypass Date: 04/02/2010 Author: Nicolas Krassas Version: $Id:...