CVSS: 6.1EPSS: 10%CPEs: 1EXPL: 8CVE-2015-2182 – Zeuscart 4.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2182
11 Mar 2015 — Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322. Múltiples vulnerabilidades de XSS en ZeusCart 4 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través (1) del parámetro schltr en una acción brands o (2) del parámetr... • https://www.exploit-db.com/exploits/36159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 8%CPEs: 1EXPL: 9CVE-2010-5322 – Zeuscart 4.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5322
11 Mar 2015 — Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php. Vulnerabilidad de XSS en ZeusCart 4.0 y anteriores permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro search en una acción de búsqueda en index.php. • https://www.exploit-db.com/exploits/36159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 17%CPEs: 1EXPL: 7CVE-2015-2184 – Zeuscart 4.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2184
10 Mar 2015 — ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. ZeusCart 4 permite a atacantes remotos obtener información de configuraciones a través de una acción getphpinfo en admin/, que llama a la función phpinfo. • https://www.exploit-db.com/exploits/36159 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2009-4989 – AJ Auction Pro 3.0 - 'txtkeyword' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4989
25 Aug 2010 — Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en index.php en AJ Auction Pro OOPD v3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro txtkeyword en una acción de búsqueda. • https://www.exploit-db.com/exploits/33147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2010-2915 – AJ HYIP PRIME - 'welcome.php?id' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-2915
30 Jul 2010 — SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en welcome.php de AJ Square AJ HYIP MERIDIAN apermite a atacantes remotos ejecutar comandos SQL de su elección welcome.php de AJ Square AJ HYIP MERIDIANa través del parámetro id. • https://www.exploit-db.com/exploits/14435 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2010-2916 – AJ HYIP MERIDIAN - 'news.php?id' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-2916
30 Jul 2010 — SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en news.php de AJ Square AJ HYIP MERIDIAN apermite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id. • https://www.exploit-db.com/exploits/14436 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 4%CPEs: 1EXPL: 3CVE-2010-2917 – AJ Article 3.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2917
30 Jul 2010 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php de AJ Square AJ Arti... • https://www.exploit-db.com/exploits/14354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2010-1876 – AJ Shopping Cart 1.0 (maincatid) - SQL Injection
https://notcve.org/view.php?id=CVE-2010-1876
11 May 2010 — SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. Vulnerabilidad de inyección SQL en index.php en la AJ Shopping Cart v1.0 permite a atacantes remotos ejecutar comandos SQL a través del parámetro maincatid en una acción showmaincatlanding. • https://www.exploit-db.com/exploits/12349 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2009-3203 – AJ Auction Pro OOPD 2.x - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3203
16 Sep 2009 — SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en store.php en AJ Auction Pro OOPD v2.x permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id. • https://www.exploit-db.com/exploits/9447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2008-7041 – Aj Classifieds - Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-7041
24 Aug 2009 — AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php. AJ Classifieds permite a atacantes remotos saltarse la autenticación y obtener privilegios de administrador a través de una petición directa sobre admin/home.php. • https://www.exploit-db.com/exploits/7089 • CWE-287: Improper Authentication •