Searching product software vulnerabilities

Privacy leak in Dansie Shopping Cart 3.04, and

Shopping | Privacy | Dansie | Cart | leak |

Privacy leak in Dansie Shopping Cart 3.04, and probably earlier versions, sends sensitive information such as user credentials to an e-mail address controlled by the product developers.


Interscan VirusWall 3.6.x and earlier follows s

uninstalling | arbitrary | overwrite | Interscan | VirusWall | symbolic | product | earlier | follows | symlink | allows | attack | files | which | links | users | local | 36x | via |

Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack.


Per Magne Knutsen's CartMan shopping cart (cart

Knutsen's | shopping | CartMan | Magne | cart | Per |

Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter.


SQL injection vulnerability in collectstats.pl

collectstatspl | vulnerability | injection | Bugzilla | SQL |

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.


DigitalHive 2.0 allows remote attackers to re-i

DigitalHive | re-install | accessing | attackers | directly | install | product | script | remote | allows |

DigitalHive 2.0 allows remote attackers to re-install the product by directly accessing the install script.


CubeCart 2.0.6 allows remote attackers to obtai

CubeCart |

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.


phpcart.php in PHPCart 3.2 allows remote attack

information | phpcartphp | attackers | modifying | product | PHPCart | allows | remote | change | price |

phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters.


SQL injection vulnerability in login.asp in an

vulnerability | Solutions | Educators | injection | loginasp | product | unknown | Online | SQL |

SQL injection vulnerability in login.asp in an unknown product by Online Solutions for Educators (OS4E) allows remote attackers to execute arbitrary SQL commands via the password.


probe.cgi allows remote attackers to execute ar

metacharacters | arbitrary | parameter | attackers | commands | probecgi | execute | allows | olddat | remote | shell | via |

probe.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the olddat parameter. NOTE: it is unclear which product or vendor this program is associated with, if any.


SQL injection vulnerability in viewPrd.asp in P

vulnerability | viewPrdasp | idcategory | parameter | arbitrary | injection | attackers | commands | execute | Product | allows | remote | Cart | SQL | via |

SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows remote attackers to execute arbitrary SQL commands via the idcategory parameter.


SQL injection vulnerability in product_cat in A

vulnerability | product_cat | AgileBill | injection | SQL |

SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.


SQL injection vulnerability in create.php in Wi

vulnerability | createphp | injection | Imprint | Widget | SQL |

SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the product_id parameter.


Privacy leak in install.php for Diesel PHP Job

credentials | information | installphp | developers | controlled | sensitive | product | address | Privacy | e-mail | Diesel | sends | leak | Site | such | user | Job | PHP |

Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.


Adobe Contribute Publishing Server leaks the ad

administrator | installation | privileges | Contribute | Publishing | password | created | product | Server | during | allows | local | Adobe | users | leaks | which | logs | gain |

Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server.


product_review.php in Koan Software Mega Mall a

product_reviewphp | installation | attackers | parameter | Software | request | obtain | allows | remote | empty | value | Mega | Mall | path | Koan | x[] | via |

product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter.


SQL injection vulnerability in productdetail.as

productdetailasp | vulnerability | E-SMARTCART | product_id | arbitrary | attackers | parameter | injection | commands | execute | allows | remote | SQL | via |

SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.


SQL injection vulnerability in product_details.

product_detailsphp | vulnerability | injection | Kshop | SQL |

SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.


Unspecified vulnerability in the web-based prod

configuration | vulnerability | directories | Unspecified | Anti-Spam | attackers | Kaspersky | web-based | product | certain | obtain | access | system | before | remote | allows | MP1 |

Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories.


Multiple SQL injection vulnerabilities in index

vulnerabilities | Alisveris | injection | attackers | arbitrary | Multiple | commands | indexasp | execute | Scripti | Sitesi | remote | allow | via | SQL |

Multiple SQL injection vulnerabilities in index.asp in Alisveris Sitesi Scripti allow remote attackers to execute arbitrary SQL commands via the (1) product_id or (2) cat_id parameter in a product mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.


SQL injection vulnerability in catalog.asp in A

vulnerability | catalogasp | parameters | attackers | arbitrary | parameter | injection | commands | possibly | Catalog | execute | Product | allows | remote | other | SQL | ASP | via | cid |

SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters.


Software vulnerabilities results 1 to 20 of 152     
Page: 12345...8