CVE-2005-0606 – CubeCart 2.0.x - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-0606
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters. • https://www.exploit-db.com/exploits/25162 http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html http://secunia.com/advisories/14416 http://securitytracker.com/id?1013304 http://www.cubecart.com/site/forums/index.php?showtopic=6032 http://www.securityfocus.com/bid/12658 https://exchange.xforce.ibmcloud.com/vulnerabilities/20637 •
CVE-2005-0607
https://notcve.org/view.php?id=CVE-2005-0607
CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message. • http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html http://securitytracker.com/id?1013304 http://www.cubecart.com/site/forums/index.php?showtopic=6032 https://exchange.xforce.ibmcloud.com/vulnerabilities/20638 •
CVE-2005-0443 – Brooky CubeCart 2.0.1/2.0.4 - 'index.php?language' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-0443
index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message. • https://www.exploit-db.com/exploits/25097 http://marc.info/?l=bugtraq&m=110842125901191&w=2 http://www.cubecart.com/site/forums/index.php?showtopic=5741 http://www.osvdb.org/14064 http://www.securityfocus.com/bid/12549 https://exchange.xforce.ibmcloud.com/vulnerabilities/19328 •
CVE-2005-0442 – Brooky CubeCart 2.0.1/2.0.4 - 'index.php?language' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2005-0442
Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter. • https://www.exploit-db.com/exploits/25098 http://marc.info/?l=bugtraq&m=110842125901191&w=2 http://marc.info/?l=bugtraq&m=111281888605580&w=2 http://secunia.com/advisories/14272 http://www.cubecart.com/site/forums/index.php?showtopic=5741 http://www.securityfocus.com/bid/12549 https://exchange.xforce.ibmcloud.com/vulnerabilities/19322 •
CVE-2004-1579
https://notcve.org/view.php?id=CVE-2004-1579
index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=109713382400457&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17630 •