CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

securityvulns•added 2010/04/19 12:0 a.m.•37 views

VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities

VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities http://www.vupen.com/english/research-web.php I. BACKGROUND --------------------- "WebAsyst Shop-Script FREE - simple and free PHP shopping cart script. It provides basic shopping cart functionality and...

0.1AI score

NVD•added 2010/04/16 7:30 p.m.•6 views

CVE-2010-1463

Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the 1 add2cart, 2 cid, 3 categoryID, 4 listprice, 5 name, 6 newoffer, 7 price, 8 productcode, 9 productID, 10 rating, and 11 saveproduct parameters...

7.5CVSS8.4AI score0.00306EPSS

Prion•added 2010/04/16 7:30 p.m.•7 views

Sql injection

7.5CVSS9.1AI score0.00306EPSS

NVD•added 2010/04/16 7:30 p.m.•6 views

CVE-2010-1462

Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter...

10CVSS6.5AI score0.00129EPSS

Prion•added 2010/04/16 7:30 p.m.•11 views

Directory traversal

Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter...

10CVSS7.1AI score0.00129EPSS

Cvelist•added 2010/04/16 7:0 p.m.•12 views

CVE-2010-1462

Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter...

6.5AI score0.00129EPSS

CVE•added 2010/04/16 7:0 p.m.•45 views

CVE-2010-1462

CVE-2010-1462 affects WebAsyst Shop-Script FREE and is a directory traversal vulnerability exploitable through the sub parameter. The known impact is described as unknown in the CVE entry; the NVD entry lists a base score of 10.0 (HIGH) with network attack vector and complete impact on confidenti...

10CVSS6.7AI score0.00129EPSS

CVE•added 2010/04/16 7:0 p.m.•38 views

CVE-2010-1463

CVE-2010-1463 concerns multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE. According to the NVD entry, an attacker can execute arbitrary SQL commands through a set of parameters: add2cart, c_id, categoryID, list_price, name, new_offer, price, product_code, productID, rating, and ...

7.5CVSS8.7AI score0.00306EPSS

CVE•added 2010/04/16 7:0 p.m.•40 views

CVE-2010-1464

The CVE-2010-1464 entry describes multiple reflected XSS vulnerabilities in WebAsyst Shop-Script FREE, exploitable via the parameters currency_id_left, currency_id_right, darkcolor, lightcolor, middlecolor, and w. The underlying issue is an XSS input handling weakness that permits remote attacker...

4.3CVSS5.9AI score0.00322EPSS

Prion•added 2007/09/18 6:17 p.m.•14 views

Code injection

Direct static code injection vulnerability in includes/admin/sub/confappearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a saveappearence action in admin.php, as demonstrated with the 1 productscount, 2 colscount,...

7.5CVSS7.7AI score0.05782EPSS

Prion•added 2007/09/18 6:17 p.m.•10 views

Code injection

admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel...

7.5CVSS6.9AI score0.06345EPSS

Exploits0References5Affected Software1

Cvelist•added 2007/09/18 6:0 p.m.•14 views

CVE-2007-4932

6.7AI score0.06345EPSS

Exploits0References5

CVE•added 2007/09/18 6:0 p.m.•49 views

CVE-2007-4933

Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php within Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP into cfg/appearence.inc.php via the save_appearence action in admin.php, demonstrated with (1) productscount, (2) colscount,...

7.5CVSS7.2AI score0.05782EPSS

Cvelist•added 2007/09/18 6:0 p.m.•21 views

CVE-2007-4933

7.2AI score0.05782EPSS

Packet Storm•added 2007/09/18 12:0 a.m.•23 views

shopscript-exec.txt

?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo "--------------------------------------------------------\n"; echo "Shop-Script FREE = 2.0 Remote Command Executi...

7.4AI score

seebug.org•added 2007/09/18 12:0 a.m.•21 views

Shop-Script FREE <= 2.0 Remote Command Execution Exploit

No description provided by source. ?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo "--------------------------------------------------------\n"; echo "Shop-Scrip...

7.1AI score

exploitpack•added 2007/09/17 12:0 a.m.•8 views

Shop-Script FREE 2.0 - Remote Command Execution

Shop-Script FREE 2.0 - Remote Command Execution ?php Shop-Script FREE = 2.0 Remote Command Execution Exploit by InATeam tested on versions 1.2 and 2.0 works regardless magicquotesgpc=on Greetz: eXp, Kuzya, cxim, Russian, ENFIX echo "--------------------------------------------------------\n"; ech...

7.7AI score