Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commerce server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-4140
The Welcart e-Commerce WordPress plugin prior to 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated malicious user to read arbitrary files on the server
Collne Welcart E-commerce
NA
CVE-2023-6120
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.
Collne Welcart E-commerce
NA
CVE-2021-4375
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated malicious users to download in...
Collne Welcart E-commerce
NA
CVE-2023-5953
The Welcart e-Commerce WordPress plugin prior to 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PH...
Collne Welcart E-commerce
NA
CVE-2022-4236
The Welcart e-Commerce WordPress plugin prior to 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the ser...
Collne Welcart E-commerce
5
CVSSv2
CVE-2000-0246
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote malicious users to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
Microsoft Commercial Internet System 2.5
Microsoft Internet Information Server 4.0
Microsoft Site Server Commerce 3.0
Microsoft Internet Information Services 5.0
Microsoft Proxy Server 2.0
Microsoft Site Server 3.0
Microsoft Commercial Internet System 2.0
1 EDB exploit
7.5
CVSSv2
CVE-1999-0045
List of arbitrary files on Web host via nph-test-cgi script.
Netscape Communications Server 1.1
Apache Http Server 1.0.5
Apache Http Server 0.8.11
Netscape Enterprise Server 2.0a
Apache Http Server 1.0.2
Apache Http Server 1.1
Apache Http Server 1.0
Apache Http Server 1.0.3
Apache Http Server 0.8.14
Netscape Communications Server 1.12
Netscape Commerce Server 1.12
1 EDB exploit
5
CVSSv2
CVE-1999-1069
Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote malicious users to read arbitrary files via a .. (dot dot) in the icatcommand parameter.
Icat Electronic Commerce Suite 3.0.0
1 EDB exploit
5
CVSSv2
CVE-2001-0446
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote malicious users to read source code for .jsp files by appending a / to the requested URL.
Ibm Websphere Commerce Suite 4.0.1
9.3
CVSSv2
CVE-2007-1201
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote malicious users to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerabilit...
Microsoft Biztalk Server 2000
Microsoft Biztalk Server 2002
Microsoft Office 2000
Microsoft Office Xp
Microsoft Visual Studio .net 2002
Microsoft Visual Studio .net 2003
Microsoft Commerce Server 2000
Microsoft Internet Security And Acceleration Server 2000
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »