13 matches found
EUVD-2005-4018
Malware in sbrugna...
EUVD-2012-1660
Malware in sbrugna...
ZipCart - Shopping in Berlin - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application ZipCart - Shopping in Berlin published at the 'play' market has multiple vulnerabilities...
CVE-2012-1650
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions...
Code injection
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions...
CVE-2012-1650
The CVE-2012-1650 entry concerns the Drupal ZipCart module (6.x) prior to 6.x-1.4. The vulnerability arises because archive creation checks the wrong permission: it uses the generic “access content” permission instead of “access ZipCart downloads,” allowing remote authenticated users who have acc...
CVE-2012-1650
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions...
SA-CONTRIB-2012-026 - ZipCart - Access bypass
CVE: CVE-2012-1650 ZipCart enables a site to provide users with Zip archives for downloads selected by the user. Versions of ZipCart prior to 6.x-1.4 checks an incorrect permission when building archives. This vulnerability is mitigated by the fact that archive file addition is only permitted if...
Gallery Zipcart Module Arbitrary File Disclosure
The installation of Gallery hosted on the remote web server allows an unauthenticated, remote attacker to use the ZipCart module to retrieve arbitrary files, subject to the privileges of the web server user id. Note that successful exploitation requires that the ZipCart module is installed and...
Gallery Install Log Local Information Disclosure
The installation of Gallery hosted on the remote web server places its data directory under the web server's document root and makes its install log available to anyone. Using a simple GET request, a remote attacker can retrieve this log and discover sensitive information about the affected...
CVE-2005-4023
Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors...
CVE-2005-4023
Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors...
CVE-2005-4023
The Gallery 2.0 ZipCart module contains an unspecified vulnerability in versions before 2.0.2 that allows an unauthenticated, remote attacker to read arbitrary files, subject to web server user privileges. Exploitation requires the ZipCart module to be installed and active; the vectors are not di...