28 matches found
EUVD-2007-1849
Malware in sbrugna...
EUVD-2007-4914
Malware in sbrugna...
Shop-Script FREE <= 2.0 - Remote Command Execution Exploit
No description provided by source. ?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo --------------------------------------------------------\n; echo Shop-Script...
VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities
VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities http://www.vupen.com/english/research-web.php I. BACKGROUND --------------------- "WebAsyst Shop-Script FREE - simple and free PHP shopping cart script. It provides basic shopping cart functionality and...
CVE-2010-1462
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter...
Sql injection
Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the 1 add2cart, 2 cid, 3 categoryID, 4 listprice, 5 name, 6 newoffer, 7 price, 8 productcode, 9 productID, 10 rating, and 11 saveproduct parameters...
Directory traversal
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter...
CVE-2010-1463
Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the 1 add2cart, 2 cid, 3 categoryID, 4 listprice, 5 name, 6 newoffer, 7 price, 8 productcode, 9 productID, 10 rating, and 11 saveproduct parameters...
CVE-2010-1463
CVE-2010-1463 concerns multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE. According to the NVD entry, an attacker can execute arbitrary SQL commands through a set of parameters: add2cart, c_id, categoryID, list_price, name, new_offer, price, product_code, productID, rating, and ...
CVE-2010-1464
The CVE-2010-1464 entry describes multiple reflected XSS vulnerabilities in WebAsyst Shop-Script FREE, exploitable via the parameters currency_id_left, currency_id_right, darkcolor, lightcolor, middlecolor, and w. The underlying issue is an XSS input handling weakness that permits remote attacker...
CVE-2010-1462
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter...
CVE-2010-1462
CVE-2010-1462 affects WebAsyst Shop-Script FREE and is a directory traversal vulnerability exploitable through the sub parameter. The known impact is described as unknown in the CVE entry; the NVD entry lists a base score of 10.0 (HIGH) with network attack vector and complete impact on confidenti...
Code injection
admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel...
Code injection
Direct static code injection vulnerability in includes/admin/sub/confappearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a saveappearence action in admin.php, as demonstrated with the 1 productscount, 2 colscount,...
CVE-2007-4932
admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel...
CVE-2007-4933
Direct static code injection vulnerability in includes/admin/sub/confappearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a saveappearence action in admin.php, as demonstrated with the 1 productscount, 2 colscount,...
CVE-2007-4933
Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php within Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP into cfg/appearence.inc.php via the save_appearence action in admin.php, demonstrated with (1) productscount, (2) colscount,...
Shop-Script FREE <= 2.0 Remote Command Execution Exploit
No description provided by source. ?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo "--------------------------------------------------------\n"; echo "Shop-Scrip...
shopscript-exec.txt
?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo "--------------------------------------------------------\n"; echo "Shop-Script FREE = 2.0 Remote Command Executi...
Shop-Script FREE 2.0 - Remote Command Execution
Shop-Script FREE 2.0 - Remote Command Execution ?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo "--------------------------------------------------------\n"; ech...