remote cart vulnerabilities and exploits
5
CVSSv2
CVE-2004-0240
Directory traversal vulnerability in X-Cart 3.4.3 allows remote malicious users to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php.
Qualiteam X-cart 3.2.0
Qualiteam X-cart 3.2.1
Qualiteam X-cart 3.4.0
Qualiteam X-cart 3.4.11
Qualiteam X-cart 3.3.0
Qualiteam X-cart 3.3.2
Qualiteam X-cart 3.4.3
7.5
CVSSv2
CVE-2008-3768
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart prior to 4.1.5 allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_ema...
Turnkeywebtools Sunshop Shopping Cart 4.0.5
Turnkeywebtools Sunshop Shopping Cart 4.0.6
Turnkeywebtools Sunshop Shopping Cart 4.1.3
Turnkeywebtools Sunshop Shopping Cart
Turnkeywebtools Sunshop Shopping Cart 4.0.1
Turnkeywebtools Sunshop Shopping Cart 4.0.2
Turnkeywebtools Sunshop Shopping Cart 4.0.9
Turnkeywebtools Sunshop Shopping Cart 4.1.0
Turnkeywebtools Sunshop Shopping Cart 4.0.0
Turnkeywebtools Sunshop Shopping Cart 4.0.7
Turnkeywebtools Sunshop Shopping Cart 4.0.8
Turnkeywebtools Sunshop Shopping Cart 4.0.3
Turnkeywebtools Sunshop Shopping Cart 4.0.4
Turnkeywebtools Sunshop Shopping Cart 4.1.1
Turnkeywebtools Sunshop Shopping Cart 4.1.2
1 EDB exploit
4.3
CVSSv2
CVE-2015-0950
Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 up to and including 5.1.10 allows remote malicious users to inject arbitrary web script or HTML via the substring parameter.
Qualiteam X-cart 5.1.6
Qualiteam X-cart 5.1.7
Qualiteam X-cart 5.1.8
Qualiteam X-cart 5.1.9
Qualiteam X-cart 5.1.10
6.5
CVSSv2
CVE-2017-15285
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attac...
Qualiteam X-cart 5.3.1.9
Qualiteam X-cart 5.3.2.13
Qualiteam X-cart 5.3.3.0
Qualiteam X-cart 5.2.23
4.3
CVSSv2
CVE-2005-1188
Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote malicious users to inject arbitrary web script or HTML via the curPage parameter.
Comersus Open Technologies Comersus Cart 4.051
Comersus Open Technologies Comersus Cart 4.14
Comersus Open Technologies Comersus Cart 4.47
Comersus Open Technologies Comersus Cart 4.27
Comersus Open Technologies Comersus Cart 4.28
Comersus Open Technologies Comersus Cart 3.90
Comersus Open Technologies Comersus Cart 4.00
Comersus Open Technologies Comersus Cart 4.29
Comersus Open Technologies Comersus Cart 4.36
Comersus Open Technologies Comersus Cart 4.20b
Comersus Open Technologies Comersus Cart 4.23
1 EDB exploit
7.5
CVSSv2
CVE-2010-4147
Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and previous versions allow remote malicious users to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php.
Avactis Avactis Shopping Cart 1.9.0
Avactis Avactis Shopping Cart 1.8.2
Avactis Avactis Shopping Cart 1.8.0
Avactis Avactis Shopping Cart 1.8.1
Avactis Avactis Shopping Cart
8.5
CVSSv2
CVE-2007-3597
Session fixation vulnerability in Zen Cart 1.3.7 and previous versions allows remote malicious users to hijack web sessions by setting the Cookie parameter.
Zen Cart Zen Cart
5.1
CVSSv2
CVE-2005-3996
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and previous versions allows remote malicious users to execute arbitrary SQL commands via the admin_email parameter.
Zen-cart Zen Cart
1 EDB exploit
5
CVSSv2
CVE-2009-4322
extras/ipn_test_return.php in Zen Cart allows remote malicious users to obtain sensitive information via a direct request, which reveals the installation path in an error message.
Zen-cart Zen Cart
7.5
CVSSv2
CVE-2006-5245
Eazy Cart allows remote malicious users to bypass authentication and gain administrative access via a direct request for admin/home/index.php, and possibly other PHP scripts under admin/.
Eazy Cart Eazy Cart