EUVD-2010-4918
Malware in sbrugna...
CVE-2010-1359
SQL injection vulnerability in bluegateseo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...
xt:Commerce 5.4.1 / 6.2.1 / 6.2.2 Improper Access Control Vulnerability
xt:Commerce version 5.4.1, 6.2.1, and 6.2.2 suffer from an improper access control vulnerability. A logged-in customer can create and alter addresses. These addresses are referenced by incrementing IDs. On saving an address, an attacker could change the ID of the address to write the data to. If...
xt:Commerce 5.4.1 / 6.2.1 / 6.2.2 Improper Access Control
Advisory ID: SYSS-2020-012 Product: xt:Commerce Manufacturer: xt:Commerce GmbH Affected Versions: 5.4.1, 6.2.1, 6.2.2 Tested Versions: 5.4.1, 6.2.1 Vulnerability Type: Improper Access Control CWE-284 Risk Level: Medium Solution Status: Fixed...
CVE-2020-12101
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other users' stored addresses by manipulating an id field in the POST request for altering an address...
CVE-2020-12101
Summary: CVE-2020-12101 affects xt:Commerce 5.1–6.2.2 and is an improper access-control flaw. A logged-in customer can manipulate the address management “id” in the POST request to alter or null other users’ addresses, potentially clearing all addresses in a shop. The root cause is insufficient a...
blum-akupunktur.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1109310 Security Researcher metamorfosec Helped patch 1963 vulnerabilities Received 9 Coordinated Disclosure badges Received 31 recommendations, a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting blum-akupunktur.de...
XT:Commerce 3.04 Index.PHP Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22698/info xt:Commerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...
xt:Commerce 3.04 XTCsid Parameter Session Fixation
No description provided by source. source: http://www.securityfocus.com/bid/31313/info xt:Commerce is prone to multiple vulnerabilities, including a session-fixation vulnerability and a cross-site scripting vulnerability. An attacker can leverage the session-fixation issue to hijack a session of ...
xt:Commerce Shopsoftware (fckeditor) Arbitrary File Upload Vulnerability
No description provided by source...
XT:Commerce < 3.04 SP2.1 XSS Vulnerability
No description provided by source. Cross-Site-Scripting XT:Commerce 3.04 SP2.1 Affected Software: XT:Commerce 3.04 SP2.1 Vendor...
xt:Commerce 3.04 advanced_search_result.php keywords Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/31313/info xt:Commerce is prone to multiple vulnerabilities, including a session-fixation vulnerability and a cross-site scripting vulnerability. An attacker can leverage the session-fixation issue to hijack a session of ...
xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection "reviews.php"
No description provided by source. Exploit Title: xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection reviews.php Date: 2010-09-18 Author: secret Contact : [email protected] / ICQ : 17-33-77 Site : swissfaking.net/board Software Link:...
xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability
Exploit for php platform in category web applications xt:Commerce VEYTON 4.0.15 products_name_de Script Insertion Vulnerability form name="XSS" method="POST"...
xt:Commerce VEYTON 4.0.15 - 'products_name_de' Script Insertion
xt:Commerce VEYTON 4.0.15 products_name_de Script Insertion Vulnerability input type="hidden" name="dateavailable" valu...
xt:Commerce VEYTON 4.0.15 - products_name_de Script Insertion
xt:Commerce VEYTON 4.0.15 - products_name_de Script Insertion xt:Commerce VEYTON 4.0.15 products_name_de Script Insertion Vulnerability input type="hidden" name="dat...
xt:Commerce VEYTON 4.0.15 Cross Site Scripting
xt:Commerce VEYTON 4.0.15 products_name_de Script Insertion Vulnerability input type="hidden" name="dateavailable" value="2012-08-28 1...
xt:Commerce 3.04 SP2.1 - Blind SQL Injection
xt:Commerce = v3.04 SP2.1; commerce:SEO = v2.1 CE; Gambio = v2.0.10 SP1.4; Time Based Blind SQL Injection. Author: Ralf Zimmermann Mail: infoATstoffline.com Vendor Homepage....:...
CVE-2011-5011
Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant...