Page 2 of 15 results (0.003 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message. create_account.php en osCommerce 2.2 RC 2a, permite a atacantes remotos obtener información sensible a través de un parámetro "dob" inválido, lo que muestra el directorio de instalación en un mensaje de error. • http://securityreason.com/securityalert/4293 http://www.securityfocus.com/archive/1/496417/100/0/threaded http://www.securityfocus.com/bid/31209 https://exchange.xforce.ibmcloud.com/vulnerabilities/45193 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter. Vulnerabilidad de inyección SQL en customer_testimonials.php de Customer Testimonials 3 y 3.1 Addon para osCommerce Online Merchant 2.2. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro testimonial_id. • https://www.exploit-db.com/exploits/5075 http://secunia.com/advisories/28831 http://www.securityfocus.com/bid/27664 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 3%CPEs: 11EXPL: 21

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados en osCommerce 2.2 Milestone 2 Update 060817 permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) page en las secuencias de comandos (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, o (q) zones.php en /admin, y el (2) parámetro zpage en (r) admin/geo_zones.php. • https://www.exploit-db.com/exploits/28743 https://www.exploit-db.com/exploits/28745 https://www.exploit-db.com/exploits/28746 https://www.exploit-db.com/exploits/28744 https://www.exploit-db.com/exploits/28747 https://www.exploit-db.com/exploits/28748 https://www.exploit-db.com/exploits/28749 https://www.exploit-db.com/exploits/28750 https://www.exploit-db.com/exploits/28751 https://www.exploit-db.com/exploits/28752 https://www.exploit-db.com/exploits/28753 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters. Vulnerabilidad e inyección SQL en shopping_carg.php de osCommerce anetrior a 2.2 Milestone 2 060817 permite a atacantes remotos ejecutar comandos SQL de su elección a través de parámetros array de id. • http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371 http://securitytracker.com/id?1016719 http://www.gulftech.org/?node=research&article_id=00110-08172006 http://www.securityfocus.com/archive/1/444780/100/0/threaded http://www.securityfocus.com/bid/19644 http://www.securityfocus.com/bid/19774 https://exchange.xforce.ibmcloud.com/vulnerabilities/28434 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions. Múltiples vulnerabilidades de escalado de directorio en cache.php de osCommerce anterior a 2.2 Milestone 2 060817 permiten a atacantes remotos determinar la existencia de archivos de su elección y descubrir la ruta de instalación mediante un .. (punto punto) en parámetros no especificados en las funciones (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, y (3) tep_cache_categories_box. • http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371 http://www.gulftech.org/?node=research&article_id=00110-08172006 https://exchange.xforce.ibmcloud.com/vulnerabilities/28435 •