CVE-2009-2254 – Zen Cart 1.3.8 - SQL Execution
https://notcve.org/view.php?id=CVE-2009-2254
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue. Zen Cart v1.3.8a, v1.3.8 y anteriores no solicita una autenticación administrativa para admin/sqlpatch.php, lo que permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "query_string" en una ejecución, en conjunción con un PATH_INFO de password_forgotten.php, relacionado con el caso "ejecución SQL". • https://www.exploit-db.com/exploits/9005 http://secunia.com/advisories/35550 http://www.exploit-db.com/exploits/9005 http://www.osvdb.org/55343 http://www.securityfocus.com/bid/35468 http://www.zen-cart.com/forum/attachment.php?attachmentid=5965 http://www.zen-cart.com/forum/showthread.php?t=130161 https://exchange.xforce.ibmcloud.com/vulnerabilities/51317 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-2255 – Zen Cart 1.3.8 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-2255
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/. Zen Cart v1.3.8a, v1.3.8 y anteriores no requiere autenticación como administrador para el acceso a admin/record_company.php, lo que permite a atacantes remotos ejecutar código de su elección subiendo un archivo php a través del parámetro "record_company_image" junto con "PATH_INFO" de password_forgotten.php, y después accediendo a este archivo a través de una petición directa al fichero en images/. • https://www.exploit-db.com/exploits/9004 http://secunia.com/advisories/35550 http://www.exploit-db.com/exploits/9004 http://www.osvdb.org/55344 http://www.securityfocus.com/bid/35467 http://www.zen-cart.com/forum/attachment.php?attachmentid=5965 http://www.zen-cart.com/forum/showthread.php?t=130161 https://exchange.xforce.ibmcloud.com/vulnerabilities/51316 • CWE-287: Improper Authentication •
CVE-2007-3597
https://notcve.org/view.php?id=CVE-2007-3597
Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. Vulnerabilidad de fijación de sesión en Zen Cart 1.3.7 y versiones anteriores permite a atacantes remotos secuestrar sesiones web utilizando el parámetro Cookie. • http://osvdb.org/37836 http://secunia.com/advisories/25942 http://securityreason.com/securityalert/2866 http://sourceforge.net/project/shownotes.php?release_id=474574&group_id=83781 http://superb-east.dl.sourceforge.net/sourceforge/zencart/zen-cart-v1.3.7-admin-patch.zip http://www.securityfocus.com/archive/1/472875/100/0/threaded • CWE-287: Improper Authentication •
CVE-2006-5119
https://notcve.org/view.php?id=CVE-2006-5119
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) admin/password_forgotten.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Zen Cart 1.3.5 permiten a un atacante remoto inyectar secuencias de comandos web o HTML a través del parámetro (1) admin_name o (2) admin_pass de (a) admin/login.php, o el parámetro (3) admin_email de (b) admin/password_forgotten.php. • http://secunia.com/advisories/22118 http://securityreason.com/securityalert/1667 http://www.armorize.com/advisory.php?Keyword=Armorize-ADV-2006-0003 http://www.securityfocus.com/archive/1/447286/100/0/threaded http://www.securityfocus.com/bid/20242 http://www.vupen.com/english/advisories/2006/3849 http://www.zen-cart.com/forum/showthread.php?p=270823#post270823 http://www.zen-cart.com/forum/showthread.php?t=47526 https://exchange.xforce.ibmcloud.com/vulnerabilities/29248 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-4218
https://notcve.org/view.php?id=CVE-2006-4218
Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter. Vulnerabilidad de salto de directorio en Zen Cart 1.3.0.2 y anteriores permite a atacantes remotos incluir y posiblemente ejecutar archivos locales de su elección mediante secuencias de salto de directorio en el parámetro typefilter. • http://secunia.com/advisories/21484 http://www.gulftech.org/?node=research&article_id=00109-08152006 http://www.securityfocus.com/bid/19543 http://www.vupen.com/english/advisories/2006/3283 https://exchange.xforce.ibmcloud.com/vulnerabilities/28395 •