Page 2 of 11 results (0.027 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en manuals_search.php en ViArt Shop (alias Shopping Cart) v3.5 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través del parámetro manuals_search. • https://www.exploit-db.com/exploits/32685 http://secunia.com/advisories/33340 http://www.osvdb.org/53284 http://www.securityfocus.com/archive/1/499625/100/0/threaded http://www.securityfocus.com/bid/33043 http://www.securitytracker.com/id?1021497 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 2

SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. Vulnerabilidad de inyección SQL en products_rss.php en ViArt Shop 3.5 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "category_id". • https://www.exploit-db.com/exploits/6154 http://secunia.com/advisories/31275 http://securityreason.com/securityalert/4065 http://www.gulftech.org/?node=research&article_id=00118-07292008 http://www.securityfocus.com/archive/1/494839/100/0/threaded http://www.securityfocus.com/bid/30409 http://www.viart.com/another_critical_sql_injection_security_fix_for_version_3_5.html http://www.vupen.com/english/advisories/2008/2205/references https://exchange.xforce.ibmcloud.com/vulnerabilities/4404 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 8%CPEs: 4EXPL: 2

PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inclusión remota de archivo en PHP en blocks/block_site_map.php de ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, y (4) Shop Free 3.3.2 permite a atacantes remotos ejecutar código PHP de su elección mediante un URL en el parámetro root_folder_path. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/4722 http://osvdb.org/42628 http://secunia.com/advisories/28066 http://www.securityfocus.com/bid/26828 http://www.vupen.com/english/advisories/2007/4207 https://exchange.xforce.ibmcloud.com/vulnerabilities/38993 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root. ideal_process.php en el módulo de pago iDEAL de ViArt Shop 3.3 beta y versiones anteriores podría permitir a atacantes remotos obtener el nombre de ruta de un certificado y ficheros de clave mediante una "transacción iDEAL", posiblemente involucrando mensajes de error fopen para ficheros no existentes, asunto diferente de CVE-2007-5364. NOTA: esto podría ser utilizado para leer certificados o ficheros de clave si una instalación sitúa estos ficheros bajo la raíz de documentos web. • http://osvdb.org/40151 http://secunia.com/advisories/27199 http://securityreason.com/securityalert/3233 http://www.securityfocus.com/archive/1/481978/100/0/threaded http://www.securityfocus.com/bid/25998 http://www.viart.com/ideal_process_script_fix_for_release_32_and_33_beta.html https://exchange.xforce.ibmcloud.com/vulnerabilities/37048 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php. • http://secunia.com/advisories/20538 http://securityreason.com/securityalert/1087 http://www.attrition.org/pipermail/vim/2006-June/000846.html http://www.codetosell.com/downloads/xss_fix.zip http://www.securityfocus.com/archive/1/436415/100/0/threaded http://www.securityfocus.com/bid/18369 http://www.vupen.com/english/advisories/2006/2253 https://exchange.xforce.ibmcloud.com/vulnerabilities/27112 •