CVE-2012-0311
https://notcve.org/view.php?id=CVE-2012-0311
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en osCommerce 2.2MS1J anterior a R9 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN36559450/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000004 http://sourceforge.jp/forum/forum.php?forum_id=28119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4543
https://notcve.org/view.php?id=CVE-2011-4543
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core/Site/Admin/Application/templates_modules/pages/edit.php, or (c) OM/Core/Site/Admin/Application/templates_modules/pages/uninstall.php; the (3) set parameter to OM/Core/Site/Admin/Application/templates_modules/pages/main.php; the module parameter to (4) OM/Core/Site/Admin/Application/modules_order_total/pages/edit.php, (5) OM/Core/Site/Admin/Application/modules_order_total/pages/uninstall.php, (6) OM/Core/Site/Admin/Application/modules_order_total/pages/info.php, (7) OM/Core/Site/Admin/Application/modules_geoip/pages/edit.php, (8) OM/Core/Site/Admin/Application/modules_geoip/pages/uninstall.php, (9) OM/Core/Site/Admin/Application/images/pages/main.php, (10) OM/Core/Site/Admin/Application/modules_shipping/pages/edit.php, or (11) OM/Core/Site/Admin/Application/modules_shipping/pages/uninstall.php; the filter parameter to (12) OM/Core/Site/Admin/Application/templates_modules_layout/pages/main.php, (13) OM/Core/Site/Admin/Application/templates_modules_layout/pages/new.php, or (14) OM/Core/Site/Admin/Application/templates_modules_layout/pages/edit.php; or the template parameter to (15) OM/Core/Site/Admin/Application/templates/pages/info.php, (16) OM/Core/Site/Admin/Application/templates/pages/edit.php, or (17) OM/Core/Site/Admin/Application/templates/pages/uninstall.php. Múltiples vulnerabilidades de salto de directorio en osCommerce versión 3.0.2, permiten a los atacantes remotos incluir y ejecutar archivos locales arbitrarios por medio de un .. (punto) en el parámetro (1) set o (2) module en archivo (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core/Site/Admin/Admin/Application/templates_modules/pages/edit.php, o (c) OM/Core/Site/Admin/ Application/templates_modules/pages/uninstall.php; (3) parámetro set en archivo OM/Core/Site/Admin/Application/templates_modules/pages/main.php; parámetro module en archivo (4) OM/Core/Site/Admin/Application/modules_order_total/pages/edit.php, (5) OM/Core/Site/Admin/Application/modules_order_total/pages/uninstall.php, (6) OM/Core/Site/Admin/Application/modules_order_total/pages/info.php, (7) OM/Core/Site/Admin/Application/modules_geoip/pages/edit.php, (8) OM/Core/Site/Admin/Application/modules_geoip/pages/uninstall.php, (9) OM/Core/Site/Admin/Application/images/pages/main.php, (10) OM/Core/Site/Admin/Application/modules_shipping/pages/edit.php, o (11) OM/Core/Site/Admin/Application/modules_shipping/pages/ uninstall.php; parámetro filter en archivo (12) OM/Core/Site/Admin/Application/templates_modules_layout/pages/main.php, (13) OM/Core/Site/Admin/Application/templates_modules_layout/pages/new.php, o (14) OM/Core/Site/Admin/ Application/templates_modules_layout/pages/edit.php; o el parámetro template en archivo (15) OM/Core/Site/Admin/Application/templates/pages/info.php, (16) OM/Core/Site/Admin/Application/templates/pages/edit.php, o (17) OM/Core/Site/Admin/Application/templates/pages/ uninstall.php. • http://secunia.com/advisories/48308 http://www.securityfocus.com/bid/50793 https://www.dognaedis.com/vulns/DGS-SEC-4.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2011-3767
https://notcve.org/view.php?id=CVE-2011-3767
osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php. osCommerce 3.0a5 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con redirect.php. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/oscommerce-3.0a5 http://www.openwall.com/lists/oss-security/2011/06/27/6 https://exchange.xforce.ibmcloud.com/vulnerabilities/70605 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-2038
https://notcve.org/view.php?id=CVE-2009-2038
Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges. Vulnerabilidad inespecífica en el modulo Finnish Bank Payment v2.2 para osCommerce tiene impacto y vectores de ataque desconocidos relacionados con los cargos del banco. • http://addons.oscommerce.com/info/5485 http://secunia.com/advisories/35385 http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html https://exchange.xforce.ibmcloud.com/vulnerabilities/51007 •
CVE-2009-2039
https://notcve.org/view.php?id=CVE-2009-2039
Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders. Vulnerabilidad inespecífica en el modulo Luottokunta anteriores a v1.3 para osCommerce tiene un impacto y unos vectores de ataque relacionados con los pedidos. • http://addons.oscommerce.com/info/3698 http://secunia.com/advisories/35291 http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html http://www.securityfocus.com/bid/35191 https://exchange.xforce.ibmcloud.com/vulnerabilities/50925 •