30 matches found
CVE-2005-1003
Directory traversal vulnerability in index.php for ProfitCode PayProCart 3.0 allows remote attackers to include arbitrary PHP files via .. (dot dot) sequences in the modID parameter...
PayProCart30.txt
Dcrab's Security Advisory Hsc Security Group http://www.hackerscenter.com/...
CVE-2005-1004
Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter...
CVE-2005-1005
CVE-2005-1005 affects ProfitCode PayProCart 3.0. The vulnerability allows remote attackers to bypass authentication and gain administrative privileges in the admin control panel by issuing a direct request to adminshop/index.php containing hex-encoded .. sequences in the ftoedit parameter, enabli...
CVE-2005-1003
CVE-2005-1003 affects ProfitCode PayProCart 3.0: a directory traversal in index.php via the modID parameter allows remote inclusion of arbitrary PHP files. The root cause is improper validation of .. (dot dot) sequences leading to file inclusion. Impact is remote code execution potential, as desc...
CVE-2005-1005
ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter...
CVE-2005-1004
The CVE-2005-1004 issue affects ProfitCode PayProCart 3.0, where an XSS flaw exists in usrdetails.php exploitable via the sgnuptype parameter. The vulnerability is reflected XSS with no authentication, allowing an attacker to inject script/html in the context of the victim’s browser (I:P, C:N). I...
Authentication bypass, Directory traversal and XSS vulnerabilities in PayProCart 3.0 - Profitcode Software
Dcrab's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity...
profitcode software payprocart 3.0 - Directory Traversal
source: https://www.securityfocus.com/bid/13006/info ProfitCode Software PayProCart may allow a remote attacker to carry out directory traversal attacks. It is reported that this issue can be exploited by issuing a specially crafted HTTP GET request and supplying directory traversal sequences...