21 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification. Múltiples vulnerabilidades de inyección SQL en el CubeCart 3.0.16 pueden permitir a atacantes remotos ejecutar comandos SQL de su elección a través de parámetros sin especificar en el cart.inc.php y otros ficheros concretos en el directorio include, relacionada con la pérdida del saneamiento de la variable $option y, posiblemente, con la modificación de cookies. • http://osvdb.org/38100 http://securityreason.com/securityalert/2730 http://www.securityfocus.com/archive/1/469301/100/0/threaded http://www.securityfocus.com/bid/24100 https://exchange.xforce.ibmcloud.com/vulnerabilities/34460 •

CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 0

Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php. Múltiples vulnerabilidades de inyección de retorno de carro y salto de línea (CRLF) en Devellion CubeCart 3.0.15 permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de ruptura de respuestas HTTP mediante secuencias CRLF en un nombre de una cookie que empieza con "ccSID" a (1) cart.php o (2) index.php. • http://osvdb.org/36209 http://osvdb.org/36210 http://securityreason.com/securityalert/2678 http://www.cubecart.com/site/forums/index.php?s=0cbaa8a2f26fc573d1fc888285f610b1&showtopic=27418 http://www.securityfocus.com/archive/1/467828/100/0/threaded http://www.securityfocus.com/archive/1/468053/100/0/threaded http://www.securityfocus.com/bid/23852 https://exchange.xforce.ibmcloud.com/vulnerabilities/34141 •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 1

Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and cat_navi.php vectors are already covered by CVE-2005-0607. Devellion CubeCart 2.0.x permite a atacantes remotos obtener información sensible a través de la respuesta directa para (1) link_navi.php o (2) spotlight.php, lo cual revela el camino en varios mensajes de error, NOTA: los vectores information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, y cat_navi.php están actualmente cubiertos por CVE-2005-0607. • http://securityreason.com/securityalert/1662 http://www.securityfocus.com/archive/1/447009/100/0/threaded http://www.securityfocus.com/bid/20215 https://exchange.xforce.ibmcloud.com/vulnerabilities/29178 •

CVSS: 6.8EPSS: 4%CPEs: 7EXPL: 7

Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php. Múltiples vulnerabilidades se secuencias de comandos en sitios cruzados (XSS) en Devellion CubeCart 2.0.x permite a un atacante remoto inyectar secuencias de comandos web o HTML a través del parámetro order_id en (1)admin/print_order.php y (2) view_order.php; los parámetros (3) site_urly (4) la_search_home y ciertos parámetros de lenguaje en admin/nav.php; el parámetro (6) image en admin/image.php;el(7) site_name, (8) la_adm_header, (9) charset, y (10) otros parámetros en admin/header.inc.php; el parámetro(12) la_pow_by parameter en footer.inc.php; y el parámetro (13) site_name y (14) otros parámetros en header.inc.php. • https://www.exploit-db.com/exploits/28703 https://www.exploit-db.com/exploits/28701 https://www.exploit-db.com/exploits/28702 https://www.exploit-db.com/exploits/28699 https://www.exploit-db.com/exploits/28704 https://www.exploit-db.com/exploits/28700 http://secunia.com/advisories/22175 http://securityreason.com/securityalert/1662 http://www.osvdb.org/29246 http://www.osvdb.org/29247 http://www.osvdb.org/29248 http://www.osvdb.org/29249 http://www.os •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 5

Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php. Múltiples vulnerabilidades de inyección SQL en Devellion CubeCart 2.0.x permite a un atacante remoto ejecutar comandos SQL de su elección a través del (1)parámetro user_name en admin/forgot_pass.php, (2) el parámerto order_id en view_order.php, (3) el parámetro view_doc en view_doc.php, y (4) el parámetro order_id en admin/print_order.php. • https://www.exploit-db.com/exploits/28695 https://www.exploit-db.com/exploits/28698 https://www.exploit-db.com/exploits/28697 https://www.exploit-db.com/exploits/28696 http://securityreason.com/securityalert/1662 http://www.securityfocus.com/archive/1/447009/100/0/threaded http://www.securityfocus.com/bid/20215 https://exchange.xforce.ibmcloud.com/vulnerabilities/29176 •