oscommerce software vulnerabilities
vulnerabilities.aspcode.net
Searching oscommerce software vulnerabilities
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.
Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.
Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument.
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter.
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.
Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.
SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php.
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify their installations at the earliest possible moment."
SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters.
Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions.
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php.
Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full path information in error messages.
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php.
** DISPUTED ** Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation.
Software vulnerabilities results 1 to 16 of 16