Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce oscommerce vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-6533
Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote malicious users to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full path information in erro...
Oscommerce Oscommerce 3.0a3
NA
CVE-2006-6534
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote malicious users to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to a...
Oscommerce Oscommerce 3.0a3
NA
CVE-2002-2019
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote malicious users to execute arbitrary PHP code via the include_file parameter.
Oscommerce Oscommerce 2.1
1 EDB exploit
NA
CVE-2005-2330
Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote malicious users to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.
Oscommerce Oscommerce 2.2 Ms2
1 EDB exploit
NA
CVE-2011-3767
osCommerce 3.0a5 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php.
Oscommerce Oscommerce 3.0a5
NA
CVE-2002-1991
PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.
Oscommerce Oscommerce 2.1
1 EDB exploit
NA
CVE-2011-4543
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core...
Oscommerce Oscommerce 3.0.2
NA
CVE-2012-5794
The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid...
Moneybookers Moneybookers -
Oscommerce Oscommerce -
NA
CVE-2012-2991
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module prior to 1.1 in osCommerce Online Merchant prior to 2.3.4 allows remote malicious users to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one&...
Oscommerce Online Merchant 2.3.2
Oscommerce Online Merchant
Oscommerce Online Merchant 2.3.0
Oscommerce Online Merchant 2.3.1
Paypal Website Payments Standard Module
NA
CVE-2012-5796
The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid c...
Oscommerce Oscommerce -
Paypal Paypal Pro -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »