34 matches found
EUVD-2005-1824
Malware in sbrugna...
EUVD-2005-1825
Malware in sbrugna...
EUVD-2006-4891
Malware in sbrugna...
EUVD-2009-3573
Malware in sbrugna...
X-Cart < 4.1.3 - Arbitrary Variable Overwrite Vulnerability
Exploit for php platform in category web applications X-Cart Arbitrary Variable Overwrite Vendor: Qualiteam Product: X-Cart Version: $value $$var = $value; As we can see every single post variable is dynamically evaluated. This is especially dangerous because register globals and magic q...
X-Cart < 4.1.3 - Arbitrary Variable Overwrite
X-Cart Arbitrary Variable Overwrite Vendor: Qualiteam Product: X-Cart Version: $value $$var = $value; As we can see every single post variable is dynamically evaluated. This is especially dangerous because register globals and magic quotes gpc settings do not affect an attacker's ability to...
X-Cart 4.1.3 - Arbitrary Variable Overwrite
X-Cart 4.1.3 - Arbitrary Variable Overwrite X-Cart Arbitrary Variable Overwrite Vendor: Qualiteam Product: X-Cart Version: $value $$var = $value; As we can see every single post variable is dynamically evaluated. This is especially dangerous because register globals and magic quotes gpc settings ...
X_CART Installation Script Cross Site Scripting Vulnerability
XCART is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:qualiteam:x-cart";...
Qualiteam X-Cart 4.0.8 giftcert.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remot...
Qualiteam X-Cart 4.0.8 giftcert.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remot...
Qualiteam X-Cart 4.0.8 home.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remot...
Qualiteam X-Cart 3.x Multiple Remote Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9563/info X-Cart has been reported to be prone to an issue that may allow remote attackers to view any web server readable files on the affected system. The issue is caused by a failure of the application to sanitize valu...
Qualiteam X-Cart 4.0.8 error_message.php id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remot...
Qualiteam X-Cart 'cart.php' SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================= Qualiteam X-Cart 'cart.php' SQL Injection Vulnerability ======================================================= Vulnerable: Qualiteam X-Cart 4.0.17 Qualiteam X-Cart 4.0.13 Qualiteam...
Cross site scripting
Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823...
CVE-2009-3592
Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823...
CVE-2009-3592
CVE-2009-3592 is a documented XSS in Qualiteam X-Cart. The vulnerability affects the customer/home.php path via the email parameter in a subscribed action, allowing remote attackers to inject arbitrary script/HTML. This is a distinct vector from CVE-2005-1823. The entry carries a MEDIUM risk (CVS...
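Qualiteam X-Cart Remote Command Execution Vulnerability
BUGTRAQ: 9560 X-Cart does not sufficiently filter URI parameter values; a remote attacker can exploit this vulnerability to execute arbitrary commands with the privileges of the web process. The problem is in the 'admin/general.php' script: because the value of the perlbinary parameter is not sufficiently filtered, submitting arbitrary shell commands can result in arbitrary commands being executed on the system with the privileges of the web process. Qualiteam X-Cart 3.4.11 Qualiteam X-Cart 3.4.3 Qualiteam X-Cart 3.4 .0 Qualiteam X-Cart 3.3.2 Qualiteam X-Cart 3.3 .0 Qualiteam X-Cart 3.2.1 Qualite...
Qualiteam X-Cart Multiple Remote Information Disclosure Vulnerabilities
BUGTRAQ: 9563 X-Cart does not sufficiently filter URI parameter values; a remote attacker can exploit this vulnerability to view the contents of arbitrary files or obtain sensitive information with the privileges of the web process. The 'customer/auth.php' script does not sufficiently filter the 'shopclosedfile' parameter; by submitting a parameter containing multiple '../' sequences, an attacker can bypass the web root restriction and view the contents of arbitrary files with the privileges of the web process. In addition, the 'admin/general.php' script does not sufficiently restrict the 'mode' parameter; submitting a specially crafted parameter can reveal detailed information about the PHP and Perl programs. X-Cart 3.4.3 Vendor patch: Qualiteam ---------...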