Search Results | AttackerKB

Show filters

Topics 14 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

14 Total Results

Displaying 1-10 of 14

Attacker Value

Unknown

CVE-2009-4547

Disclosure Date: January 04, 2010 (last updated October 04, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.

0

Attacker Value

Unknown

CVE-2009-4548

Disclosure Date: January 04, 2010 (last updated October 04, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.

0

Attacker Value

Unknown

CVE-2008-6765

Disclosure Date: April 28, 2009 (last updated October 04, 2023)

ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter.

0

Attacker Value

Unknown

CVE-2008-6759

Disclosure Date: April 28, 2009 (last updated October 04, 2023)

ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message.

0

Attacker Value

Unknown

CVE-2008-6757

Disclosure Date: April 28, 2009 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter.

0

Attacker Value

Unknown

CVE-2008-6766

Disclosure Date: April 28, 2009 (last updated October 04, 2023)

cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to cause a denial of service (excessive shopping carts) via a flood of requests.

0

Attacker Value

Unknown

CVE-2008-6760

Disclosure Date: April 28, 2009 (last updated October 04, 2023)

ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter.

0

Attacker Value

Unknown

CVE-2008-6758

Disclosure Date: April 28, 2009 (last updated October 04, 2023)

Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action.

0

Attacker Value

Unknown

CVE-2008-3369

Disclosure Date: July 30, 2008 (last updated October 04, 2023)

SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

0

Attacker Value

Unknown

CVE-2007-6347

Disclosure Date: December 13, 2007 (last updated October 04, 2023)

PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information.

0