CVE-2007-0258

Cross-site scripting XSS vulnerability in index.php in 1 Fastilo 2.0 and 2 Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information...

CVE-2007-0258

CVE-2007-0258 is an XSS vulnerability in the web application code paths for 1) Fastilo 2.0 and 2) Open Solution Quick.Cart 2.0, specifically in index.php where the p parameter can be used to inject arbitrary script/HTML. The connected sources consistently describe the issue as a cross-site script...

CVE-2006-6391

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include arbitrary files via a .. dot dot in the configdbtype parameter to 1 actionsadmin/other.php and 2 actionsclient/gallery.ph...

CVE-2006-6391

CVE-2006-6391 affects Open Solution Quick.Cart 2.0. The issue is a directory traversal vulnerability that allows remote attackers to include arbitrary files via a .. in the config[db_type] parameter sent to actions_admin/other.php and actions_client/gallery.php when register_globals is enabled an...

CVE-2006-6390

CVE-2006-6390 concerns multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0 . When register_globals is enabled and magic_quotes_gpc is disabled, remote attackers can exploit a .. path in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php,...

CVE-2006-6390

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...