Searching shop software vulnerabilities

Buffer overflow in IrfanView32 3.07 and earlier

IrfanView32 | overflow | Buffer |

Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header.


eshop.pl in WebDiscount(e)shop allows remote at

eshoppl |

eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter.


Web Shop Manager 1.1 allows remote attackers to

metacharacters | attackers | arbitrary | commands | execute | Manager | search | remote | allows | shell | Shop | box | via | Web |

Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.


Cross-site scripting (XSS) vulnerability in ind

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.


Directory traversal vulnerability in X-Cart 3.4

vulnerability | traversal | Directory | X-Cart |

Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL.


Multiple SQL injection vulnerabilities in page.

vulnerabilities | injection | iGeneric | Multiple | pagephp | SQL |

Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters.


SQL injection vulnerability in InterAKT MX Shop

vulnerability | injection | InterAKT | Shop | SQL |

SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter.


Multiple SQL injection vulnerabilities in MetaC

vulnerabilities | injection | attackers | arbitrary | MetaCart | Multiple | commands | execute | e-Shop | remote | allow | via | SQL |

Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp.


Cross-site scripting (XSS) vulnerability in pro

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter.


shop_display_products.php in Naxtor Shopping Ca

shop_display_productsphp | information | attackers | sensitive | Shopping | allows | Naxtor | cat_id | remote | obtain | Cart | "'" | via |

shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a "'" (single quote), which reveals the path in an error message, possibly due to an SQL injection vulnerability.


index.php in ECW-Shop 6.0.2 allows remote attac

ECW-Shop | indexphp |

index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability.


Cross-site scripting (XSS) vulnerability in ind

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter.


ECW-Shop 6.0.2 allows remote attackers to reduc

ECW-Shop |

ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost.


SQL injection vulnerability in browse.asp in Qu

vulnerability | attackers | arbitrary | browseasp | injection | parameter | commands | QuadComm | execute | OrderBy | Q-Shop | allows | remote | SQL | via |

SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter.


Cross-site scripting (XSS) vulnerability in art

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter.


SQL injection vulnerability in compare_product.

compare_productphp | vulnerability | attackers | arbitrary | injection | parameter | iGeneric | commands | execute | allows | remote | Shop | SQL | via |

SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.


Session fixation vulnerability in onelook obo S

vulnerability | PHPSESSID | attackers | fixation | sessions | setting | Session | onelook | cookie | hijack | allows | remote | Shop | obo | web |

Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.


Buffer overflow in Corel Paint Shop Pro 11.20 a

overflow | Buffer | Paint | Corel | Shop | Pro |

Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.


Multiple SQL injection vulnerabilities in A-sho

vulnerabilities | injection | Multiple | A-shop | SQL |

Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.


Software vulnerabilities results 1 to 20 of 64     
Page: 1234