64 matches found
Webasyst Shop-Script Blind SQL Injection
".$res; if!pregmatch"/Subquery returns/", $result $res .= chr$j; break; echo $out; ifsubstrst...
VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities
VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities http://www.vupen.com/english/research-web.php I. BACKGROUND --------------------- "WebAsyst Shop-Script FREE - simple and free PHP shopping cart script. It provides basic shopping cart functionality and...
CVE-2010-1464
Multiple cross-site scripting XSS vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the 1 currencyidleft, 2 currencyidright, 3 darkcolor, 4 lightcolor, 5 middlecolor, and 6 w parameters...
CVE-2010-1462
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the 1 currencyidleft, 2 currencyidright, 3 darkcolor, 4 lightcolor, 5 middlecolor, and 6 w parameters...
CVE-2010-1463
Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the 1 add2cart, 2 cid, 3 categoryID, 4 listprice, 5 name, 6 newoffer, 7 price, 8 productcode, 9 productID, 10 rating, and 11 saveproduct parameters...
Directory traversal
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter...
Sql injection
Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the 1 add2cart, 2 cid, 3 categoryID, 4 listprice, 5 name, 6 newoffer, 7 price, 8 productcode, 9 productID, 10 rating, and 11 saveproduct parameters...
CVE-2010-1464
The CVE-2010-1464 entry describes multiple reflected XSS vulnerabilities in WebAsyst Shop-Script FREE, exploitable via the parameters currency_id_left, currency_id_right, darkcolor, lightcolor, middlecolor, and w. The underlying issue is an XSS input handling weakness that permits remote attacker...
CVE-2010-1462
CVE-2010-1462 affects WebAsyst Shop-Script FREE and is a directory traversal vulnerability exploitable through the sub parameter. The known impact is described as unknown in the CVE entry; the NVD entry lists a base score of 10.0 (HIGH) with network attack vector and complete impact on confidenti...
CVE-2010-1463
CVE-2010-1463 concerns multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE. According to the NVD entry, an attacker can execute arbitrary SQL commands through a set of parameters: add2cart, c_id, categoryID, list_price, name, new_offer, price, product_code, productID, rating, and ...
CVE-2010-1463
Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the 1 add2cart, 2 cid, 3 categoryID, 4 listprice, 5 name, 6 newoffer, 7 price, 8 productcode, 9 productID, 10 rating, and 11 saveproduct parameters...
CVE-2010-1462
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter...
CVE-2010-1464
Multiple cross-site scripting XSS vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the 1 currencyidleft, 2 currencyidright, 3 darkcolor, 4 lightcolor, 5 middlecolor, and 6 w parameters...
WebAsyst Shop-Script PREMIUM - 'SearchString' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43380/info Shop-Script PREMIUM is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...
WebAsyst Shop-Script (bSQL/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications =============================================================== WebAsyst Shop-Script bSQL/XSS Multiple Remote Vulnerabilities ===============================================================...
webasyst shop-script - Blind SQL Injection Cross-Site Scripting
webasyst shop-script - Blind SQL Injection Cross-Site Scripting ============================================================================================= Title : Blind SQL/XSS Multiple Remote Vulnerabilities Software : WebAsyst Shop-Script Vendor : http://www.webasyst.net Date : 03 July 2009...
WebAsyst Shop-Script (bSQL/XSS) Multiple Remote Vulnerabilities
No description provided by source. ============================================================================================= Title : Blind SQL/XSS Multiple Remote Vulnerabilities Software : WebAsyst Shop-Script Vendor : http://www.webasyst.net Date : 03 July 2009 Indonesia Author : Vrs-hCk...
webasyst shop-script - Blind SQL Injection / Cross-Site Scripting
============================================================================================= Title : Blind SQL/XSS Multiple Remote Vulnerabilities Software : WebAsyst Shop-Script Vendor : http://www.webasyst.net Date : 03 July 2009 Indonesia Author : Vrs-hCk Contact : [email protected] Blog :...
WebAsyst Shop-Script - index.php Cross-Site Scripting
WebAsyst Shop-Script - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/43661/info WebAsyst Shop-Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...