CVE-2015-2214

NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php.

CVE-2008-5728

Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the IN...