remote cart vulnerabilities and exploits
NA
CVE-2004-0240
Directory traversal vulnerability in X-Cart 3.4.3 allows remote malicious users to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php.
Qualiteam X-cart 3.2.0
Qualiteam X-cart 3.2.1
Qualiteam X-cart 3.4.0
Qualiteam X-cart 3.4.11
Qualiteam X-cart 3.3.0
Qualiteam X-cart 3.3.2
Qualiteam X-cart 3.4.3
NA
CVE-2008-3768
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart prior to 4.1.5 allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_ema...
Turnkeywebtools Sunshop Shopping Cart 4.0.5
Turnkeywebtools Sunshop Shopping Cart 4.0.6
Turnkeywebtools Sunshop Shopping Cart 4.1.3
Turnkeywebtools Sunshop Shopping Cart
Turnkeywebtools Sunshop Shopping Cart 4.0.1
Turnkeywebtools Sunshop Shopping Cart 4.0.2
Turnkeywebtools Sunshop Shopping Cart 4.0.9
Turnkeywebtools Sunshop Shopping Cart 4.1.0
Turnkeywebtools Sunshop Shopping Cart 4.0.0
Turnkeywebtools Sunshop Shopping Cart 4.0.7
Turnkeywebtools Sunshop Shopping Cart 4.0.8
Turnkeywebtools Sunshop Shopping Cart 4.0.3
Turnkeywebtools Sunshop Shopping Cart 4.0.4
Turnkeywebtools Sunshop Shopping Cart 4.1.1
Turnkeywebtools Sunshop Shopping Cart 4.1.2
1 EDB exploit
NA
CVE-2015-0950
Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 up to and including 5.1.10 allows remote malicious users to inject arbitrary web script or HTML via the substring parameter.
Qualiteam X-cart 5.1.6
Qualiteam X-cart 5.1.7
Qualiteam X-cart 5.1.8
Qualiteam X-cart 5.1.9
Qualiteam X-cart 5.1.10
8.8
CVSSv3
CVE-2017-15285
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attac...
Qualiteam X-cart 5.3.1.9
Qualiteam X-cart 5.3.2.13
Qualiteam X-cart 5.3.3.0
Qualiteam X-cart 5.2.23
NA
CVE-2005-1188
Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote malicious users to inject arbitrary web script or HTML via the curPage parameter.
Comersus Open Technologies Comersus Cart 4.051
Comersus Open Technologies Comersus Cart 4.14
Comersus Open Technologies Comersus Cart 4.47
Comersus Open Technologies Comersus Cart 4.27
Comersus Open Technologies Comersus Cart 4.28
Comersus Open Technologies Comersus Cart 3.90
Comersus Open Technologies Comersus Cart 4.00
Comersus Open Technologies Comersus Cart 4.29
Comersus Open Technologies Comersus Cart 4.36
Comersus Open Technologies Comersus Cart 4.20b
Comersus Open Technologies Comersus Cart 4.23
1 EDB exploit
NA
CVE-2010-4147
Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and previous versions allow remote malicious users to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php.
Avactis Avactis Shopping Cart 1.9.0
Avactis Avactis Shopping Cart 1.8.2
Avactis Avactis Shopping Cart 1.8.0
Avactis Avactis Shopping Cart 1.8.1
Avactis Avactis Shopping Cart
NA
CVE-2007-2070
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart prior to 3.5.1 allow remote malicious users to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php.
Turnkey Web Tools Sunshop Shopping Cart 3.5
Turnkey Web Tools Sunshop Shopping Cart
1 EDB exploit
NA
CVE-2007-3597
Session fixation vulnerability in Zen Cart 1.3.7 and previous versions allows remote malicious users to hijack web sessions by setting the Cookie parameter.
Zen Cart Zen Cart
NA
CVE-2005-3996
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and previous versions allows remote malicious users to execute arbitrary SQL commands via the admin_email parameter.
Zen-cart Zen Cart
1 EDB exploit
NA
CVE-2009-4322
extras/ipn_test_return.php in Zen Cart allows remote malicious users to obtain sensitive information via a direct request, which reveals the installation path in an error message.
Zen-cart Zen Cart