Page 14 of 77 results (0.007 seconds)

CVSS: 4.3EPSS: 3%CPEs: 11EXPL: 21

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados en osCommerce 2.2 Milestone 2 Update 060817 permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) page en las secuencias de comandos (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, o (q) zones.php en /admin, y el (2) parámetro zpage en (r) admin/geo_zones.php. • https://www.exploit-db.com/exploits/28743 https://www.exploit-db.com/exploits/28745 https://www.exploit-db.com/exploits/28746 https://www.exploit-db.com/exploits/28744 https://www.exploit-db.com/exploits/28747 https://www.exploit-db.com/exploits/28748 https://www.exploit-db.com/exploits/28749 https://www.exploit-db.com/exploits/28750 https://www.exploit-db.com/exploits/28751 https://www.exploit-db.com/exploits/28752 https://www.exploit-db.com/exploits/28753 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters. Vulnerabilidad e inyección SQL en shopping_carg.php de osCommerce anetrior a 2.2 Milestone 2 060817 permite a atacantes remotos ejecutar comandos SQL de su elección a través de parámetros array de id. • http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371 http://securitytracker.com/id?1016719 http://www.gulftech.org/?node=research&article_id=00110-08172006 http://www.securityfocus.com/archive/1/444780/100/0/threaded http://www.securityfocus.com/bid/19644 http://www.securityfocus.com/bid/19774 https://exchange.xforce.ibmcloud.com/vulnerabilities/28434 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions. Múltiples vulnerabilidades de escalado de directorio en cache.php de osCommerce anterior a 2.2 Milestone 2 060817 permiten a atacantes remotos determinar la existencia de archivos de su elección y descubrir la ruta de instalación mediante un .. (punto punto) en parámetros no especificados en las funciones (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, y (3) tep_cache_categories_box. • http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371 http://www.gulftech.org/?node=research&article_id=00110-08172006 https://exchange.xforce.ibmcloud.com/vulnerabilities/28435 •

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0

SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0124.html http://secunia.com/advisories/17082 http://www.oscommerce.com/community/contributions%2C1032 http://www.osvdb.org/19874 http://www.securityfocus.com/bid/15023 http://www.vupen.com/english/advisories/2005/1974 https://exchange.xforce.ibmcloud.com/vulnerabilities/22528 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 2

Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter. Vulnerabilidad de franqueo de directorio en extras/update.php en osCommerce 2.2 permite que atacantes remotos lean ficheros arbitrarios mediante (1) secuencias .. o (2) un nombre de ruta completo completo en el parámetro "readme_file". • https://www.exploit-db.com/exploits/25994 http://retrogod.altervista.org/oscommerce_22_adv.html http://securitytracker.com/id?1015944 http://sourceforge.net/mailarchive/message.php?msg_id=12318248 http://www.oscommerce.com/community/bugs%2C2835 http://www.osvdb.org/18249 http://www.securityfocus.com/archive/1/431012 http://www.securityfocus.com/archive/1/431068 http://www.securityfocus.com/bid/14294 https://exchange.xforce.ibmcloud.com/vulnerabilities/25861 •