Page 2 of 21 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. Vulnerabilidad de inyección SQL en includes/content/viewCat.inc.php en CubeCart 3.0.12 y anteriores, cuando register_globales está activado, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro searchArray[]. • http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CubeCart 3.0.12 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el array links. • https://www.exploit-db.com/exploits/43840 http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •

CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 0

includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks. includes/content/gateway.inc.php en CubeCart 3.0.12 y anteriores, cuando magic_quites_gpc está desactivado, usa una expresión regular insuficientemente restrictiav para validar el parámetro gateway, lo que permite a atacantes remotos llevar a cabo ataques de inclusión remota de archivos en PHP. • http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •

CVSS: 6.8EPSS: 17%CPEs: 6EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en CubeCart 3.0.11 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) file, (2) x, e (3) y en (a) admin/filemanager/preview.php; y el parámetro (4) email en (b) admin/login.php. • http://bugs.cubecart.com/?do=details&id=523 http://retrogod.altervista.org/cubecart_3011_adv.html http://secunia.com/advisories/21538 http://securityreason.com/securityalert/1429 http://securitytracker.com/id?1016708 http://www.cubecart.com/site/forums/index.php?showtopic=21247 http://www.osvdb.org/27987 http://www.osvdb.org/displayvuln.php?osvdb_id=27986 http://www.securityfocus.com/archive/1/443476/100/0/threaded http://www.securityfocus.com/bid/19563 http://www.vupen •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 6

Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php. Múltiples vulnerabilidades de inyección SQL en Cubecart 3.0.11 y anteriores permiten a atacantes remotos ejecuatr comandos SWL de su elección mediante el parámetro (1) oid en modules/gateway/Protx/confirmed.php y el parámetro (2) x_invoice_num en modules/gateway/Authorize/confirmed.php. • https://www.exploit-db.com/exploits/2198 http://bugs.cubecart.com/?do=details&id=523 http://retrogod.altervista.org/cubecart_3011_adv.html http://retrogod.altervista.org/cubecart_3011_sql.html http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html http://secunia.com/advisories/21538 http://securityreason.com/securityalert/1429 http://securitytracker.com/id?1016708 http://www.cubecart.com/site/forums/index.php?showtopic=21247 http://www.osvdb.org/27984 http://www.os •