39 matches found
EUVD-2008-5193
Malware in sbrugna...
EUVD-2014-3805
Malware in sbrugna...
Malicious code in zeuscart (npm)
The package zeuscart was found to contain malicious code...
CVE-2014-3868
Multiple SQL injection vulnerabilities in ZeusCart 4.x...
CVE-2014-3868
Multiple SQL injection vulnerabilities in ZeusCart 4.x...
CVE-2014-3868
CVE-2014-3868 affects the ZeusCart 4.x line with multiple SQL injection vulnerabilities . Exploitation is reported as remote over the network with low attack complexity and low privileges required (CVSS‑3.1: AV:N/AC:L/PR:L/UI:N). The CVSS 3.1 base score is 8.8 (HIGH) , and impacts include confide...
Zeuscart 4.0 Search Cross Site Scripting
Vulnerability: Cross-Site Scripting Vendor: http://www.zeuscart.com Download link: http://zeuscart.com/download/ Affected version: Zeuscart V4 CVSS v3.0 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Condition: The attack is performed by an "Anonymous User" Payload: "--alert/ITASVN/ Fix version: N/A...
ZeusCart 4 index.php brand&schltr 跨站脚本漏洞
ZeusCart是一个电子商务购物车应用。 ZeusCart处理 brand 和 schltr 参数存在跨站脚本漏洞,远程攻击者可以利用漏洞构建恶意URI,诱使用户解析,可获得敏感Cookie,劫持会话或在客户端上进行恶意操作。 影响系统:ZeusCart 4 CVE ID:CVE-2015-2182 CNCVE ID:CNCVE-20152182 漏洞发布时间:2015-03-10 自行搭建环境进行POC测试:ZeusCart 4.1...
ZeusCart 4 信息泄漏漏洞
No description provided by source. !/usr/bin/env python coding: utf-8 from urlparse import urljoin from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '11111 ' vul ID version = '1' author = 'Disorder' vulDate =...
ZeusCart 4 index.php search 跨站脚本漏洞
ZeusCart是一个电子商务购物车应用。ZeusCart处理search变量存在跨站脚本漏洞,远程攻击者可以利用漏洞构建恶意URI,诱使用户解析,可获得敏感Cookie,劫持会话或在客户端上进行恶意操作。影响系统:ZeusCart 4发布时间:2015-03-10CVE ID:CVE-2015-2182CNCVE ID:CNCVE-20152182 ----------------------------------本地搭建环境测试POC截图:ZeusCart 4.1测试环境...
ZeusCart 4.0 - Admin SQL注入漏洞
ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed ...
ZeusCart v4.0 /classes/Core/CFeaturedItems.php SQL注入
ZeusCart 4.0: SQL Injection1.漏洞描述在ZeusCart4.0中存在两个注入漏洞,一个注入不需要任何条件即可exploit,另一个是是发生在admin后台的注入。因为大部分参数都是依赖于简单的过滤,所以很容易由于过滤不全而产生漏洞。2a. Timing based Blind SQL Injection 基于时间的盲注证明:http://localhost/zeuscart-master/index.php?do=featured&action=showmaincatlanding&maincatid=-1AND IFSUBSTRINGversion, 1,...
Multiple SQL Injection Vulnerabilities in ZeusCart
ZeusCart is an open source PHP and Mysql based e-commerce platform. ZeusCart has multiple SQL injection vulnerabilities that can be exploited by remote attackers to execute arbitrary SQL commands...
CVE-2015-2182
Multiple cross-site scripting XSS vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the 1 schltr parameter in a brands action or 2 brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-53...
Cross site scripting
Cross-site scripting XSS vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php...
CVE-2010-5322
Cross-site scripting XSS vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php...
CVE-2015-2182
Multiple cross-site scripting XSS vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the 1 schltr parameter in a brands action or 2 brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-53...
CVE-2015-2184
ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function...
CVE-2015-2183
ZeusCart 4 (open source PHP/MySQL e‑commerce) is affected by multiple SQL injection vulnerabilities in the administrative backend. The flaws allow remote administrators to inject arbitrary SQL via the id parameter in disporders detail or subadminmgt edit actions, or via the cid parameter in editc...
Zeuscart Multiple Vulnerabilities
Zeuscart is vulnerable to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zeuscart:zeuscart"; if...