price software vulnerabilities
vulnerabilities.aspcode.net
Searching price software vulnerabilities
Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter.
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).
Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase.
Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters.
** DISPUTED ** Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem.
ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost.
SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php.
Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information.
CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters.
Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp.
Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters.
viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart.
Software vulnerabilities results 1 to 13 of 13