Page 2 of 9 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en CubeCart en versiones anteriores a 6.1.4 permite a los atacantes autenticados remotos leer archivos arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN81618356/index.html http://www.securityfocus.com/bid/95866 https://forums.cubecart.com/topic/52088-cubecart-614-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en CubeCart en versiones anteriores a 6.1.4 permite a los atacantes autenticados remotos leer archivos arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9499 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en CubeCart en versiones anteriores a 6.1.5 permite al atacante con derechos de administrador leer archivos arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN63474730/index.html http://www.securityfocus.com/bid/96466 https://forums.cubecart.com/topic/52188-cubecart-615-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 16%CPEs: 9EXPL: 2

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Vulnerabilidad de fijación de sesión en CubeCart anterior a 5.2.9 permite a atacantes remotos secuestrar sesiones web a través del parámetro PHPSESSID. • https://www.exploit-db.com/exploits/32830 http://forums.cubecart.com/topic/48427-cubecart-529-relased http://secunia.com/advisories/57856 http://www.exploit-db.com/exploits/32830 http://www.osvdb.org/105784 http://www.securityfocus.com/bid/66805 http://www.securitytracker.com/id/1030086 https://exchange.xforce.ibmcloud.com/vulnerabilities/92526 • CWE-287: Improper Authentication •