Searching x cart software vulnerabilities


An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information.


An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information.


An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information.


The X Windows service is running.


The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.


The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.


The Shoptron shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.


The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.


The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.


X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.


X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.


SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.


Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms.


Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.


Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.


PHP remote file inclusion vulnerability in cart_content.php in Squirrelcart 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cart_isp_root parameter.


** DISPUTED ** SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of Monday, June 05, 2006, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims.


Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.


Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.


Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php.


Software vulnerabilities results 1 to 20 of 703     