CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-6757 – ViArt Shop 3.5 - 'manuals_search.php?manuals_search' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-6757
28 Apr 2009 — Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en manuals_search.php en ViArt Shop (alias Shopping Cart) v3.5 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través del parámetro manuals_search. • https://www.exploit-db.com/exploits/32685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 4CVE-2008-6758 – Viart shopping cart 3.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6758
28 Apr 2009 — Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en cart_save.php en Viart Shop (alias Shopping Cart) v3.5 permite a atacantes remotos secuestrar la autenticación de usuarios a su elección para las ... • https://www.exploit-db.com/exploits/7628 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 3CVE-2008-6759
https://notcve.org/view.php?id=CVE-2008-6759
28 Apr 2009 — ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message. Viart Shop (alias Shopping Cart) v3.5 permite a atacantes remotos obtener información sensible a través de una URL en el parámetro POST_DATA a manuals_search.php, el cual revela la ruta de instalación en un mensaje de error. • http://www.osvdb.org/53281 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6760
https://notcve.org/view.php?id=CVE-2008-6760
28 Apr 2009 — ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter. Viart Shop (alias Shopping Cart) v3.5 permite a atacantes remotos obtener información sensible a través de una acción añadir y salvar no autenticada para un carro de compra en cart_save.php, lo cual revela los nombres de... • http://www.osvdb.org/53282 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 3CVE-2008-6765 – Viart shopping cart 3.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6765
28 Apr 2009 — ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter. Viart Shop (alias Shopping Cart) v3.5 permite a atacantes remotos acceder al contenido de un carrito de la compra a su elección a través de un parámetro cart_name modificado. • https://www.exploit-db.com/exploits/7628 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-6766
https://notcve.org/view.php?id=CVE-2008-6766
28 Apr 2009 — cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to cause a denial of service (excessive shopping carts) via a flood of requests. cart_save.php en Viart Shop (alias Shopping Cart) v3.5 permite a atacantes remotos provocar una denegación de servicio (exceso de carritos de la compra) a través de una avalancha de solicitudes. • http://www.osvdb.org/53285 •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 2CVE-2008-3369 – ViArt Shop 3.5 - 'category_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-3369
30 Jul 2008 — SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. Vulnerabilidad de inyección SQL en products_rss.php en ViArt Shop 3.5 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "category_id". • https://www.exploit-db.com/exploits/6154 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 13%CPEs: 4EXPL: 2CVE-2007-6347 – ViArt CMS/Shop/Helpdesk 3.3.2 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-6347
13 Dec 2007 — PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inclusión remota de archivo en PHP en blocks/block_site_map.php de ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, y (4) Shop Free 3.3.2 per... • https://www.exploit-db.com/exploits/4722 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5463
https://notcve.org/view.php?id=CVE-2007-5463
15 Oct 2007 — ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root. ideal_process.php en el módulo de pago iDEAL de ViArt Shop 3.3 beta y versiones anterior... • http://osvdb.org/40151 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2979
https://notcve.org/view.php?id=CVE-2006-2979
12 Jun 2006 — Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php. • http://secunia.com/advisories/20538 •