CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-6757 – ViArt Shop 3.5 - 'manuals_search.php?manuals_search' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-6757
28 Apr 2009 — Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en manuals_search.php en ViArt Shop (alias Shopping Cart) v3.5 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través del parámetro manuals_search. • https://www.exploit-db.com/exploits/32685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 4CVE-2008-6758 – Viart shopping cart 3.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6758
28 Apr 2009 — Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en cart_save.php en Viart Shop (alias Shopping Cart) v3.5 permite a atacantes remotos secuestrar la autenticación de usuarios a su elección para las ... • https://www.exploit-db.com/exploits/7628 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 3CVE-2008-6759
https://notcve.org/view.php?id=CVE-2008-6759
28 Apr 2009 — ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message. Viart Shop (alias Shopping Cart) v3.5 permite a atacantes remotos obtener información sensible a través de una URL en el parámetro POST_DATA a manuals_search.php, el cual revela la ruta de instalación en un mensaje de error. • http://www.osvdb.org/53281 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6760
https://notcve.org/view.php?id=CVE-2008-6760
28 Apr 2009 — ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter. Viart Shop (alias Shopping Cart) v3.5 permite a atacantes remotos obtener información sensible a través de una acción añadir y salvar no autenticada para un carro de compra en cart_save.php, lo cual revela los nombres de... • http://www.osvdb.org/53282 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 3CVE-2008-6765 – Viart shopping cart 3.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6765
28 Apr 2009 — ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter. Viart Shop (alias Shopping Cart) v3.5 permite a atacantes remotos acceder al contenido de un carrito de la compra a su elección a través de un parámetro cart_name modificado. • https://www.exploit-db.com/exploits/7628 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-6766
https://notcve.org/view.php?id=CVE-2008-6766
28 Apr 2009 — cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to cause a denial of service (excessive shopping carts) via a flood of requests. cart_save.php en Viart Shop (alias Shopping Cart) v3.5 permite a atacantes remotos provocar una denegación de servicio (exceso de carritos de la compra) a través de una avalancha de solicitudes. • http://www.osvdb.org/53285 •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 2CVE-2008-3369 – ViArt Shop 3.5 - 'category_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-3369
30 Jul 2008 — SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. Vulnerabilidad de inyección SQL en products_rss.php en ViArt Shop 3.5 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "category_id". • https://www.exploit-db.com/exploits/6154 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-2980
https://notcve.org/view.php?id=CVE-2006-2980
12 Jun 2006 — SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter. • http://www.attrition.org/pipermail/vim/2006-June/000846.html •