someone software vulnerabilities
vulnerabilities.aspcode.net
Searching someone software vulnerabilities
** DISPUTED ** Turnkey Web Tools SunShop Shopp
information
|
sensitive
|
attackers
|
Shopping
|
DISPUTED
|
Turnkey
|
phpinfo
|
SunShop
|
obtain
|
action
|
allows
|
remote
|
Tools
|
Cart
|
Web
|
via
|
** DISPUTED ** Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. I dont think it really can be construde [sic] as a security issue."
** DISPUTED ** Multiple SQL injection vulnerab
vulnerabilities
|
userscriptphp
|
arbitrary
|
injection
|
attackers
|
Multiple
|
commands
|
DISPUTED
|
earlier
|
execute
|
remote
|
Minute
|
Green
|
allow
|
via
|
SQL
|
** DISPUTED ** Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. NOTE: this issue has been disputed by the vendor, saying "those parameters mentioned ARE checked (preg_match) before they are used in SQL-query... If someone decided to add SQL-injection stuff to certain parameter, they would see an error text, but only because _nothing_ was passed inside that parameter (to MySQL-database)." As allowed by the vendor, CVE investigated this report on Thursday, May 25, 2006 and found that the demo site demonstrated a non-sensitive SQL error when given standard SQL injection manipulations.
** DISPUTED ** SQL injection vulnerability in
vulnerability
|
AFCommerce
|
attackers
|
arbitrary
|
injection
|
Shopping
|
commands
|
DISPUTED
|
Amazing
|
execute
|
remote
|
search
|
allows
|
Flash
|
field
|
Cart
|
SQL
|
via
|
** DISPUTED ** SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried."
Software vulnerabilities results 1 to 4 of 4
Page:
1