41 matches found
PT-2026-45626
ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages...
ZeusCart Cross-Site Request Forgery Vulnerability
ZeusCart is an e-commerce shopping cart system developed by ZeusCart Inc. Version 4.0 of ZeusCart contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to manipulate user behavior by tricking users into accessing pages...
EUVD-2008-5193
Malware in sbrugna...
EUVD-2014-3805
Malware in sbrugna...
Malicious code in zeuscart (npm)
The package zeuscart was found to contain malicious code...
CVE-2014-3868
Multiple SQL injection vulnerabilities in ZeusCart 4.x...
CVE-2014-3868
CVE-2014-3868 affects the ZeusCart 4.x line with multiple SQL injection vulnerabilities . Exploitation is reported as remote over the network with low attack complexity and low privileges required (CVSS‑3.1: AV:N/AC:L/PR:L/UI:N). The CVSS 3.1 base score is 8.8 (HIGH) , and impacts include confide...
CVE-2014-3868
Multiple SQL injection vulnerabilities in ZeusCart 4.x...
Zeuscart 4.0 Search Cross Site Scripting
Vulnerability: Cross-Site Scripting Vendor: http://www.zeuscart.com Download link: http://zeuscart.com/download/ Affected version: Zeuscart V4 CVSS v3.0 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Condition: The attack is performed by an "Anonymous User" Payload: "--alert/ITASVN/ Fix version: N/A...
ZeusCart 4 index.php brand&schltr 跨站脚本漏洞
ZeusCart是一个电子商务购物车应用。 ZeusCart处理 brand 和 schltr 参数存在跨站脚本漏洞,远程攻击者可以利用漏洞构建恶意URI,诱使用户解析,可获得敏感Cookie,劫持会话或在客户端上进行恶意操作。 影响系统:ZeusCart 4 CVE ID:CVE-2015-2182 CNCVE ID:CNCVE-20152182 漏洞发布时间:2015-03-10 自行搭建环境进行POC测试:ZeusCart 4.1...
ZeusCart 4 信息泄漏漏洞
No description provided by source. !/usr/bin/env python coding: utf-8 from urlparse import urljoin from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '11111 ' vul ID version = '1' author = 'Disorder' vulDate =...
ZeusCart 4 index.php search 跨站脚本漏洞
ZeusCart是一个电子商务购物车应用。ZeusCart处理search变量存在跨站脚本漏洞,远程攻击者可以利用漏洞构建恶意URI,诱使用户解析,可获得敏感Cookie,劫持会话或在客户端上进行恶意操作。影响系统:ZeusCart 4发布时间:2015-03-10CVE ID:CVE-2015-2182CNCVE ID:CNCVE-20152182 ----------------------------------本地搭建环境测试POC截图:ZeusCart 4.1测试环境...
ZeusCart 4.0 - Admin SQL注入漏洞
ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed ...
ZeusCart v4.0 /classes/Core/CFeaturedItems.php SQL注入
ZeusCart 4.0: SQL Injection1.漏洞描述在ZeusCart4.0中存在两个注入漏洞,一个注入不需要任何条件即可exploit,另一个是是发生在admin后台的注入。因为大部分参数都是依赖于简单的过滤,所以很容易由于过滤不全而产生漏洞。2a. Timing based Blind SQL Injection 基于时间的盲注证明:http://localhost/zeuscart-master/index.php?do=featured&action=showmaincatlanding&maincatid=-1AND IFSUBSTRINGversion, 1,...
Multiple SQL Injection Vulnerabilities in ZeusCart
ZeusCart is an open source PHP and Mysql based e-commerce platform. ZeusCart has multiple SQL injection vulnerabilities that can be exploited by remote attackers to execute arbitrary SQL commands...
CVE-2015-2182
Multiple cross-site scripting XSS vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the 1 schltr parameter in a brands action or 2 brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-53...
CVE-2010-5322
Cross-site scripting XSS vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php...
Cross site scripting
Cross-site scripting XSS vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php...
CVE-2015-2182
Multiple cross-site scripting XSS vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the 1 schltr parameter in a brands action or 2 brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-53...
CVE-2015-2184
ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function...