29 matches found
EUVD-2011-0523
Malware in sbrugna...
EUVD-2011-0524
Malware in sbrugna...
vam shop 1.69 - Multiple Vulnerabilities
No description provided by source. Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,69 and probably prior versions. Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: Security Effect Teamhttp://seceffect.tumblr.com/ Vulnerability Details...
vam shop 1.6 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22780 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinvamshop.html Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1.6 and Probably Prior Versions Vendor Notification: 28 December 2010 Vulnerability Type: CSRF...
VaM Shop v1.69 - Multiple Web Vulnerabilities
Title: ====== VaM Shop v1.69 - Multiple Web Vulnerabilities Date: ===== 2012-10-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=730 VL-ID: ===== 730 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: ============= Vendor...
vam shop 1.69 - Multiple Vulnerabilities
vam shop 1.69 - Multiple Vulnerabilities Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,69 and probably prior versions. Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: Security Effect Teamhttp://seceffect.tumblr.com/ Vulnerability...
vam shop 1.69 - Multiple Vulnerabilities
Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,69 and probably prior versions. Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: Security Effect Teamhttp://seceffect.tumblr.com/ Vulnerability Details: 1. Blind SQL injection in...
VaM Shop 1.69 Cross Site Scripting / SQL Injection
Title: ====== VaM Shop v1.69 - Multiple Web Vulnerabilities Date: ===== 2012-10-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=730 VL-ID: ===== 730 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: ============= Vendor...
VaM Shop Cross-Site Scripting and Blind SQL Injection Vulnerabilities
Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,69 and probably prior versions. Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: Security Effect Teamhttp://seceffect.tumblr.com/ Vulnerability Details: 1. Blind SQL injection in...
VaM Shop 1.69 Cross Site Scripting / SQL Injection Vulnerabilities
VaM Shop version 1.69 suffers from cross site scripting and remote blind SQL injection vulnerabilities. Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,69 and probably prior versions. Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit:...
VaM Shop 1.69 Cross Site Scripting / SQL Injection
Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,69 and probably prior versions. Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: Security Effect Teamhttp://seceffect.tumblr.com/ Vulnerability Details: 1. Blind SQL injection in...
VaM Shop v1.69 - Multiple Web Vulnerabilities
Document Title: =============== VaM Shop v1.69 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=730 Release Date: ============= 2012-10-23 Vulnerability Laboratory ID VL-ID: ==================================== 730 Common...
CVE-2011-0504
Multiple cross-site scripting XSS vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the 1 status parameter to admin/orders.php, 2 search parameter to admin/customers.php, or 3 STORENAME parameter to...
CVE-2011-0503
Cross-site request forgery CSRF vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that 1 change user status via admin/customers.php or 2 change user permissions via admin/accounting.php. NOTE: so...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that 1 change user status via admin/customers.php or 2 change user permissions via admin/accounting.php. NOTE: so...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the 1 status parameter to admin/orders.php, 2 search parameter to admin/customers.php, or 3 STORENAME parameter to...
CVE-2011-0504
Multiple cross-site scripting XSS vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the 1 status parameter to admin/orders.php, 2 search parameter to admin/customers.php, or 3 STORENAME parameter to...
CVE-2011-0503
Cross-site request forgery CSRF vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that 1 change user status via admin/customers.php or 2 change user permissions via admin/accounting.php. NOTE: so...
CVE-2011-0503
CVE-2011-0503 is a CSRF in VaM Shop (versions 1.6, 1.6.1 and likely earlier) where requests from an authenticated admin could change user status (admin/customers.php) or modify user permissions (admin/accounting.php). The root cause is insufficient validation of the request origin in several admi...
CVE-2011-0504
CVE-2011-0504 affects VaM Shop versions 1.6 and 1.6.1 (and possibly earlier). The issue is multiple cross-site scripting (XSS) vulnerabilities caused by insufficient input sanitization in admin/orders.php (parameter: status), admin/customers.php (parameter: search), and admin/configuration.php (p...