CVE-2008-6616 – Zen Cart 2008 - 'index.php?keyword' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-6616
Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• https://www.exploit-db.com/exploits/31726
• http://downloads.securityfocus.com/vulnerabilities/exploits/29020.html
• http://www.securityfocus.com/bid/29020
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42162
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6615 – Zen Cart 2008 - 'index.php?keyword' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6615
SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• https://www.exploit-db.com/exploits/31725
• http://downloads.securityfocus.com/vulnerabilities/exploits/29020.html
• http://www.securityfocus.com/bid/29020
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42161
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-3597
https://notcve.org/view.php?id=CVE-2007-3597
Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.
• http://osvdb.org/37836
• http://secunia.com/advisories/25942
• http://securityreason.com/securityalert/2866
• http://sourceforge.net/project/shownotes.php?release_id=474574&group_id=83781
• http://superb-east.dl.sourceforge.net/sourceforge/zencart/zen-cart-v1.3.7-admin-patch.zip
• http://www.securityfocus.com/archive/1/472875/100/0/threaded
• CWE-287: Improper Authentication
CVE-2006-6868
https://notcve.org/view.php?id=CVE-2006-6868
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://secunia.com/advisories/23482
• http://www.securityfocus.com/bid/21842
• http://www.vupen.com/english/advisories/2007/0022
• http://www.zen-cart.com/forum/showthread.php?t=54615
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31202
CVE-2006-5119
https://notcve.org/view.php?id=CVE-2006-5119
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) admin/password_forgotten.php.
• http://secunia.com/advisories/22118
• http://securityreason.com/securityalert/1667
• http://www.armorize.com/advisory.php?Keyword=Armorize-ADV-2006-0003
• http://www.securityfocus.com/archive/1/447286/100/0/threaded
• http://www.securityfocus.com/bid/20242
• http://www.vupen.com/english/advisories/2006/3849
• http://www.zen-cart.com/forum/showthread.php?p=270823#post270823
• http://www.zen-cart.com/forum/showthread.php?t=47526
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29248
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')