
CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges.
• http://addons.oscommerce.com/info/5485
• http://secunia.com/advisories/35385
• http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51007

CVSS: 6.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of administrators.
• http://holisticinfosec.org/content/view/97/45
• http://osvdb.org/51605
• http://secunia.com/advisories/33446
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48289
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.
• http://securityreason.com/securityalert/4293
• http://www.securityfocus.com/archive/1/496417/100/0/threaded
• http://www.securityfocus.com/bid/31209
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45193
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 2

SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.
• https://www.exploit-db.com/exploits/5075
• http://secunia.com/advisories/28831
• http://www.securityfocus.com/bid/27664
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 3% | CPEs: 11 | EXPL: 21

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php.
• https://www.exploit-db.com/exploits/28743
• https://www.exploit-db.com/exploits/28745
• https://www.exploit-db.com/exploits/28746
• https://www.exploit-db.com/exploits/28744
• https://www.exploit-db.com/exploits/28747
• https://www.exploit-db.com/exploits/28748
• https://www.exploit-db.com/exploits/28749
• https://www.exploit-db.com/exploits/28750
• https://www.exploit-db.com/exploits/28751
• https://www.exploit-db.com/exploits/28752
• https://www.exploit-db.com/exploits/28753