17 matches found
EUVD-2010-1356
Malware in sbrugna...
EUVD-2010-1357
Malware in sbrugna...
CVE-2010-1328
Multiple cross-site scripting XSS vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tipo or 2 destino parameter to loginregistrese.php3 in the Services section, 3 the rubro parameter to precios.php3 in the Products section, 4...
CVE-2010-1327
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the marca parameter to precios.php3 or 2 the where parameter in a deliverycourier action to control/abmlist.php3...
Sql injection
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the marca parameter to precios.php3 or 2 the where parameter in a deliverycourier action to control/abmlist.php3...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tipo or 2 destino parameter to loginregistrese.php3 in the Services section, 3 the rubro parameter to precios.php3 in the Products section, 4...
CVE-2010-1328
TornadoStore 1.4.3 and earlier is affected by multiple reflected XSS vulnerabilities. The issues arise from insufficient sanitization of user-supplied input in several parameters across both the Services, Products, and e-Commerce sections, including login_registrese.php3 (tipo, destino), precios....
CVE-2010-1328
Multiple cross-site scripting XSS vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tipo or 2 destino parameter to loginregistrese.php3 in the Services section, 3 the rubro parameter to precios.php3 in the Products section, 4...
CVE-2010-1327
CVE-2010-1327 refers to SQL injection in TornadoStore 1.4.3 and earlier. The vulnerability affects the web app via two input points: (1) the precios.php3 script with the vulnerable parameter marca , and (2) the control/abm_list.php33 action for delivery_courier with the where parameter. Exploitat...
CVE-2010-1327
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the marca parameter to precios.php3 or 2 the where parameter in a deliverycourier action to control/abmlist.php3...
TornadoStore 1.4.3 Cross Site Scripting
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in TornadoStore 1.4.3 1. Advisory Information Title: Multiple XSS in TornadoStore 1.4.3 Advisory ID: BONSAI-2010-0107 Advisory URL:...
TornadoStore 1.4.3 SQL Injection
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple SQL Injection in TornadoStore 1.4.3 1. Advisory Information Title: Multiple SQL Injection in TornadoStore 1.4.3 Advisory ID: BONSAI-2010-0106 Advisory URL:...
TornadoStore 1.4.3 XSS Vulnerability
Exploit for php platform in category web applications ==================================== TornadoStore 1.4.3 XSS Vulnerability ==================================== 1. Advisory Information Title: Multiple XSS in TornadoStore 1.4.3 Advisory ID: BONSAI-2010-0107 Advisory URL:...
TornadoStore 1.4.3 - SQL Injection / HTML Injection
source: https://www.securityfocus.com/bid/41233/info TornadoStore is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify dat...
TornadoStore 1.4.3 - SQL Injection HTML Injection
TornadoStore 1.4.3 - SQL Injection HTML Injection source: https://www.securityfocus.com/bid/41233/info TornadoStore is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues t...
Multiple XSS in TornadoStore 1.4.3
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in TornadoStore 1.4.3 1. Advisory Information Title: Multiple XSS in TornadoStore 1.4.3 Advisory ID: BONSAI-2010-0107 Advisory URL:...
Multiple SQL Injection in TornadoStore 1.4.3
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple SQL Injection in TornadoStore 1.4.3 1. Advisory Information Title: Multiple SQL Injection in TornadoStore 1.4.3 Advisory ID: BONSAI-2010-0106 Advisory URL:...