Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
21 vulnerabilities by devellion
CVE-2007-2862 (GCVE-0-2007-2862)
Vulnerability from cvelistv5 – Published: 2007-05-24 19:00 – Updated: 2024-08-07 13:57
VLAI
Summary
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://osvdb.org/38100 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/24100 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/469301/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/2730 | third-party-advisoryx_refsource_SREASON |
Date Public
2007-05-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38100"
},
{
"name": "cubecart-unspecified-sql-injection(34460)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34460"
},
{
"name": "24100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24100"
},
{
"name": "20070521 RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/469301/100/0/threaded"
},
{
"name": "2730",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2730"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38100"
},
{
"name": "cubecart-unspecified-sql-injection(34460)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34460"
},
{
"name": "24100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24100"
},
{
"name": "20070521 RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/469301/100/0/threaded"
},
{
"name": "2730",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2730"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38100",
"refsource": "OSVDB",
"url": "http://osvdb.org/38100"
},
{
"name": "cubecart-unspecified-sql-injection(34460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34460"
},
{
"name": "24100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24100"
},
{
"name": "20070521 RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469301/100/0/threaded"
},
{
"name": "2730",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2730"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2862",
"datePublished": "2007-05-24T19:00:00.000Z",
"dateReserved": "2007-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:57:54.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2550 (GCVE-0-2007-2550)
Vulnerability from cvelistv5 – Published: 2007-05-09 10:00 – Updated: 2024-08-07 13:42
VLAI
Summary
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/23852 | vdb-entryx_refsource_BID |
| http://osvdb.org/36210 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/467828/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/468053/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/2678 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/36209 | vdb-entryx_refsource_OSVDB |
| http://www.cubecart.com/site/forums/index.php?s=0… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23852",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23852"
},
{
"name": "36210",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36210"
},
{
"name": "20070505 UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467828/100/0/threaded"
},
{
"name": "20070509 Re: UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/468053/100/0/threaded"
},
{
"name": "2678",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2678"
},
{
"name": "36209",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36209"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?s=0cbaa8a2f26fc573d1fc888285f610b1\u0026showtopic=27418"
},
{
"name": "cubecart-cart-index-crlf-header-injection(34141)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34141"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with \"ccSID\" to (1) cart.php or (2) index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23852",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23852"
},
{
"name": "36210",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36210"
},
{
"name": "20070505 UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467828/100/0/threaded"
},
{
"name": "20070509 Re: UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/468053/100/0/threaded"
},
{
"name": "2678",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2678"
},
{
"name": "36209",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36209"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cubecart.com/site/forums/index.php?s=0cbaa8a2f26fc573d1fc888285f610b1\u0026showtopic=27418"
},
{
"name": "cubecart-cart-index-crlf-header-injection(34141)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34141"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with \"ccSID\" to (1) cart.php or (2) index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23852"
},
{
"name": "36210",
"refsource": "OSVDB",
"url": "http://osvdb.org/36210"
},
{
"name": "20070505 UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467828/100/0/threaded"
},
{
"name": "20070509 Re: UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/468053/100/0/threaded"
},
{
"name": "2678",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2678"
},
{
"name": "36209",
"refsource": "OSVDB",
"url": "http://osvdb.org/36209"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?s=0cbaa8a2f26fc573d1fc888285f610b1\u0026showtopic=27418",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?s=0cbaa8a2f26fc573d1fc888285f610b1\u0026showtopic=27418"
},
{
"name": "cubecart-cart-index-crlf-header-injection(34141)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34141"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2550",
"datePublished": "2007-05-09T10:00:00.000Z",
"dateReserved": "2007-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:42:33.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5109 (GCVE-0-2006-5109)
Vulnerability from cvelistv5 – Published: 2006-10-02 20:00 – Updated: 2024-08-07 19:41
VLAI
Summary
Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and cat_navi.php vectors are already covered by CVE-2005-0607.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/447009/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/20215 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/1662 | third-party-advisoryx_refsource_SREASON |
Date Public
2006-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cubecart-multiple-php-path-disclosure(29178)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29178"
},
{
"name": "20060926 CubeCart Multiple input Validation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447009/100/0/threaded"
},
{
"name": "20215",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20215"
},
{
"name": "1662",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and cat_navi.php vectors are already covered by CVE-2005-0607."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cubecart-multiple-php-path-disclosure(29178)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29178"
},
{
"name": "20060926 CubeCart Multiple input Validation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447009/100/0/threaded"
},
{
"name": "20215",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20215"
},
{
"name": "1662",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and cat_navi.php vectors are already covered by CVE-2005-0607."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cubecart-multiple-php-path-disclosure(29178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29178"
},
{
"name": "20060926 CubeCart Multiple input Validation vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447009/100/0/threaded"
},
{
"name": "20215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20215"
},
{
"name": "1662",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5109",
"datePublished": "2006-10-02T20:00:00.000Z",
"dateReserved": "2006-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:04.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5108 (GCVE-0-2006-5108)
Vulnerability from cvelistv5 – Published: 2006-10-02 20:00 – Updated: 2024-08-07 19:41
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/29249 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/447009/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/20215 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/3818 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/29251 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/29248 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/1662 | third-party-advisoryx_refsource_SREASON |
| http://www.osvdb.org/29250 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/29246 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/29252 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/22175 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/29247 | vdb-entryx_refsource_OSVDB |
Date Public
2006-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29249",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29249"
},
{
"name": "20060926 CubeCart Multiple input Validation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447009/100/0/threaded"
},
{
"name": "20215",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20215"
},
{
"name": "ADV-2006-3818",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3818"
},
{
"name": "cubecart-multiple-scripts-xss(29177)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29177"
},
{
"name": "29251",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29251"
},
{
"name": "29248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29248"
},
{
"name": "1662",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1662"
},
{
"name": "29250",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29250"
},
{
"name": "29246",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29246"
},
{
"name": "29252",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29252"
},
{
"name": "22175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22175"
},
{
"name": "29247",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29249",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29249"
},
{
"name": "20060926 CubeCart Multiple input Validation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447009/100/0/threaded"
},
{
"name": "20215",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20215"
},
{
"name": "ADV-2006-3818",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3818"
},
{
"name": "cubecart-multiple-scripts-xss(29177)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29177"
},
{
"name": "29251",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29251"
},
{
"name": "29248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29248"
},
{
"name": "1662",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1662"
},
{
"name": "29250",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29250"
},
{
"name": "29246",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29246"
},
{
"name": "29252",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29252"
},
{
"name": "22175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22175"
},
{
"name": "29247",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29249",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29249"
},
{
"name": "20060926 CubeCart Multiple input Validation vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447009/100/0/threaded"
},
{
"name": "20215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20215"
},
{
"name": "ADV-2006-3818",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3818"
},
{
"name": "cubecart-multiple-scripts-xss(29177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29177"
},
{
"name": "29251",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29251"
},
{
"name": "29248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29248"
},
{
"name": "1662",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1662"
},
{
"name": "29250",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29250"
},
{
"name": "29246",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29246"
},
{
"name": "29252",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29252"
},
{
"name": "22175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22175"
},
{
"name": "29247",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5108",
"datePublished": "2006-10-02T20:00:00.000Z",
"dateReserved": "2006-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:05.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5107 (GCVE-0-2006-5107)
Vulnerability from cvelistv5 – Published: 2006-10-02 20:00 – Updated: 2024-08-07 19:41
VLAI
Summary
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/447009/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/20215 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/1662 | third-party-advisoryx_refsource_SREASON |
Date Public
2006-09-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060926 CubeCart Multiple input Validation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447009/100/0/threaded"
},
{
"name": "20215",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20215"
},
{
"name": "cubecart-multiple-sql-injection(29176)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29176"
},
{
"name": "1662",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060926 CubeCart Multiple input Validation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447009/100/0/threaded"
},
{
"name": "20215",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20215"
},
{
"name": "cubecart-multiple-sql-injection(29176)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29176"
},
{
"name": "1662",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060926 CubeCart Multiple input Validation vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447009/100/0/threaded"
},
{
"name": "20215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20215"
},
{
"name": "cubecart-multiple-sql-injection(29176)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29176"
},
{
"name": "1662",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5107",
"datePublished": "2006-10-02T20:00:00.000Z",
"dateReserved": "2006-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:04.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4526 (GCVE-0-2006-4526)
Vulnerability from cvelistv5 – Published: 2006-09-01 23:00 – Updated: 2024-09-17 01:51
VLAI
Summary
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/21659 | third-party-advisoryx_refsource_SECUNIA |
| http://www.cubecart.com/site/forums/index.php?s=5… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/19782 | vdb-entryx_refsource_BID |
| http://cubecart.com/site/forums/index.php?showtop… | x_refsource_CONFIRM |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697"
},
{
"name": "19782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19782"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-01T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697"
},
{
"name": "19782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19782"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21659"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697"
},
{
"name": "19782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19782"
},
{
"name": "http://cubecart.com/site/forums/index.php?showtopic=21540",
"refsource": "CONFIRM",
"url": "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4526",
"datePublished": "2006-09-01T23:00:00.000Z",
"dateReserved": "2006-09-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:51:40.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4527 (GCVE-0-2006-4527)
Vulnerability from cvelistv5 – Published: 2006-09-01 23:00 – Updated: 2024-09-16 21:03
VLAI
Summary
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/21659 | third-party-advisoryx_refsource_SECUNIA |
| http://www.cubecart.com/site/forums/index.php?s=5… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/19782 | vdb-entryx_refsource_BID |
| http://cubecart.com/site/forums/index.php?showtop… | x_refsource_CONFIRM |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697"
},
{
"name": "19782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19782"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-01T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697"
},
{
"name": "19782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19782"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21659"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697"
},
{
"name": "19782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19782"
},
{
"name": "http://cubecart.com/site/forums/index.php?showtopic=21540",
"refsource": "CONFIRM",
"url": "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4527",
"datePublished": "2006-09-01T23:00:00.000Z",
"dateReserved": "2006-09-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:03:44.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4525 (GCVE-0-2006-4525)
Vulnerability from cvelistv5 – Published: 2006-09-01 23:00 – Updated: 2024-09-17 01:30
VLAI
Summary
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/21659 | third-party-advisoryx_refsource_SECUNIA |
| http://www.cubecart.com/site/forums/index.php?s=5… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/19782 | vdb-entryx_refsource_BID |
| http://cubecart.com/site/forums/index.php?showtop… | x_refsource_CONFIRM |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697"
},
{
"name": "19782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19782"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-01T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697"
},
{
"name": "19782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19782"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21659"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90\u0026act=Attach\u0026type=post\u0026id=697"
},
{
"name": "19782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19782"
},
{
"name": "http://cubecart.com/site/forums/index.php?showtopic=21540",
"refsource": "CONFIRM",
"url": "http://cubecart.com/site/forums/index.php?showtopic=21540"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00111-08282006\u0026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4525",
"datePublished": "2006-09-01T23:00:00.000Z",
"dateReserved": "2006-09-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:30:35.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4267 (GCVE-0-2006-4267)
Vulnerability from cvelistv5 – Published: 2006-08-21 21:00 – Updated: 2024-08-07 19:06
VLAI
Summary
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/21538 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/3314 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/27985 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/443476/100… | mailing-listx_refsource_BUGTRAQ |
| http://bugs.cubecart.com/?do=details&id=523 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.cubecart.com/site/forums/index.php?sho… | x_refsource_CONFIRM |
| http://retrogod.altervista.org/cubecart_3011_sql.html | x_refsource_MISC |
| http://www.osvdb.org/27984 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/19563 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/1429 | third-party-advisoryx_refsource_SREASON |
| http://retrogod.altervista.org/cubecart_3011_sql_… | x_refsource_MISC |
| http://securitytracker.com/id?1016708 | vdb-entryx_refsource_SECTRACK |
| http://retrogod.altervista.org/cubecart_3011_adv.html | x_refsource_MISC |
Date Public
2006-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21538"
},
{
"name": "ADV-2006-3314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3314"
},
{
"name": "27985",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27985"
},
{
"name": "20060817 CubeCart \u003c= 3.0.11 SQL injection \u0026 cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443476/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.cubecart.com/?do=details\u0026id=523"
},
{
"name": "cubecart-confirmed-sql-injection(28428)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=21247"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/cubecart_3011_sql.html"
},
{
"name": "27984",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27984"
},
{
"name": "19563",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19563"
},
{
"name": "1429",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html"
},
{
"name": "1016708",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016708"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/cubecart_3011_adv.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21538"
},
{
"name": "ADV-2006-3314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3314"
},
{
"name": "27985",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27985"
},
{
"name": "20060817 CubeCart \u003c= 3.0.11 SQL injection \u0026 cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443476/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.cubecart.com/?do=details\u0026id=523"
},
{
"name": "cubecart-confirmed-sql-injection(28428)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=21247"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/cubecart_3011_sql.html"
},
{
"name": "27984",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27984"
},
{
"name": "19563",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19563"
},
{
"name": "1429",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html"
},
{
"name": "1016708",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016708"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/cubecart_3011_adv.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21538"
},
{
"name": "ADV-2006-3314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3314"
},
{
"name": "27985",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27985"
},
{
"name": "20060817 CubeCart \u003c= 3.0.11 SQL injection \u0026 cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443476/100/0/threaded"
},
{
"name": "http://bugs.cubecart.com/?do=details\u0026id=523",
"refsource": "CONFIRM",
"url": "http://bugs.cubecart.com/?do=details\u0026id=523"
},
{
"name": "cubecart-confirmed-sql-injection(28428)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28428"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?showtopic=21247",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=21247"
},
{
"name": "http://retrogod.altervista.org/cubecart_3011_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/cubecart_3011_sql.html"
},
{
"name": "27984",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27984"
},
{
"name": "19563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19563"
},
{
"name": "1429",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1429"
},
{
"name": "http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html"
},
{
"name": "1016708",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016708"
},
{
"name": "http://retrogod.altervista.org/cubecart_3011_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/cubecart_3011_adv.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4267",
"datePublished": "2006-08-21T21:00:00.000Z",
"dateReserved": "2006-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:06.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4268 (GCVE-0-2006-4268)
Vulnerability from cvelistv5 – Published: 2006-08-21 21:00 – Updated: 2024-08-07 19:06
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/21538 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/3314 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/443476/100… | mailing-listx_refsource_BUGTRAQ |
| http://bugs.cubecart.com/?do=details&id=523 | x_refsource_CONFIRM |
| http://www.cubecart.com/site/forums/index.php?sho… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/19563 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/1429 | third-party-advisoryx_refsource_SREASON |
| http://www.osvdb.org/27987 | vdb-entryx_refsource_OSVDB |
| http://securitytracker.com/id?1016708 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/displayvuln.php?osvdb_id=27986 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://retrogod.altervista.org/cubecart_3011_adv.html | x_refsource_MISC |
Date Public
2006-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21538"
},
{
"name": "ADV-2006-3314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3314"
},
{
"name": "20060817 CubeCart \u003c= 3.0.11 SQL injection \u0026 cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443476/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.cubecart.com/?do=details\u0026id=523"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=21247"
},
{
"name": "19563",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19563"
},
{
"name": "1429",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1429"
},
{
"name": "27987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27987"
},
{
"name": "1016708",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016708"
},
{
"name": "27986",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=27986"
},
{
"name": "cubecart-login-xss(28429)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/cubecart_3011_adv.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21538"
},
{
"name": "ADV-2006-3314",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3314"
},
{
"name": "20060817 CubeCart \u003c= 3.0.11 SQL injection \u0026 cross site scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443476/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.cubecart.com/?do=details\u0026id=523"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=21247"
},
{
"name": "19563",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19563"
},
{
"name": "1429",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1429"
},
{
"name": "27987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27987"
},
{
"name": "1016708",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016708"
},
{
"name": "27986",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=27986"
},
{
"name": "cubecart-login-xss(28429)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/cubecart_3011_adv.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21538"
},
{
"name": "ADV-2006-3314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3314"
},
{
"name": "20060817 CubeCart \u003c= 3.0.11 SQL injection \u0026 cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443476/100/0/threaded"
},
{
"name": "http://bugs.cubecart.com/?do=details\u0026id=523",
"refsource": "CONFIRM",
"url": "http://bugs.cubecart.com/?do=details\u0026id=523"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?showtopic=21247",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=21247"
},
{
"name": "19563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19563"
},
{
"name": "1429",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1429"
},
{
"name": "27987",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27987"
},
{
"name": "1016708",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016708"
},
{
"name": "27986",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=27986"
},
{
"name": "cubecart-login-xss(28429)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28429"
},
{
"name": "http://retrogod.altervista.org/cubecart_3011_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/cubecart_3011_adv.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4268",
"datePublished": "2006-08-21T21:00:00.000Z",
"dateReserved": "2006-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:06:06.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0922 (GCVE-0-2006-0922)
Vulnerability from cvelistv5 – Published: 2006-02-28 11:00 – Updated: 2024-08-07 16:56
VLAI
Summary
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.cubecart.com/site/forums/index.php?sho… | x_refsource_MISC |
| http://www.cubecart.com/site/forums/index.php?sho… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/482 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/425931/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.cubecart.com/site/forums/index.php?sho… | x_refsource_MISC |
| http://www.securityfocus.com/bid/16796 | vdb-entryx_refsource_BID |
| http://www.cubecart.com/site/forums/index.php?sho… | x_refsource_MISC |
| http://www.cubecart.com/site/forums/index.php?sho… | x_refsource_CONFIRM |
| http://www.nsag.ru/vuln/892.html | x_refsource_MISC |
Date Public
2006-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:13.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14972"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14960"
},
{
"name": "cubecart-connector-file-include(24883)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24883"
},
{
"name": "482",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/482"
},
{
"name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;197-23.02.2006 Vulnerability CubeCart 3.0.0 ? 3.0.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425931/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14817"
},
{
"name": "16796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16796"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14825"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14704"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nsag.ru/vuln/892.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14972"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14960"
},
{
"name": "cubecart-connector-file-include(24883)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24883"
},
{
"name": "482",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/482"
},
{
"name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;197-23.02.2006 Vulnerability CubeCart 3.0.0 ? 3.0.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425931/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14817"
},
{
"name": "16796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16796"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14825"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14704"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nsag.ru/vuln/892.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cubecart.com/site/forums/index.php?showtopic=14972",
"refsource": "MISC",
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14972"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?showtopic=14960",
"refsource": "MISC",
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14960"
},
{
"name": "cubecart-connector-file-include(24883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24883"
},
{
"name": "482",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/482"
},
{
"name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;197-23.02.2006 Vulnerability CubeCart 3.0.0 ? 3.0.6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425931/100/0/threaded"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?showtopic=14817",
"refsource": "MISC",
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14817"
},
{
"name": "16796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16796"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?showtopic=14825",
"refsource": "MISC",
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14825"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?showtopic=14704",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=14704"
},
{
"name": "http://www.nsag.ru/vuln/892.html",
"refsource": "MISC",
"url": "http://www.nsag.ru/vuln/892.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0922",
"datePublished": "2006-02-28T11:00:00.000Z",
"dateReserved": "2006-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:56:13.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0245 (GCVE-0-2006-0245)
Vulnerability from cvelistv5 – Published: 2006-01-18 02:00 – Updated: 2024-08-07 16:25
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/0227 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://bugs.cubecart.com/?do=details&id=459 | x_refsource_MISC |
| http://www.osvdb.org/22471 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/18519 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/16259 | vdb-entryx_refsource_BID |
| http://lostmon.blogspot.com/2006/01/cubecart-307-… | x_refsource_MISC |
Date Public
2006-01-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0227"
},
{
"name": "cubecart-index-script-xss(24177)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24177"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.cubecart.com/?do=details\u0026id=459"
},
{
"name": "22471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22471"
},
{
"name": "18519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18519"
},
{
"name": "16259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16259"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0227"
},
{
"name": "cubecart-index-script-xss(24177)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24177"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.cubecart.com/?do=details\u0026id=459"
},
{
"name": "22471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22471"
},
{
"name": "18519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18519"
},
{
"name": "16259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16259"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0227",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0227"
},
{
"name": "cubecart-index-script-xss(24177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24177"
},
{
"name": "http://bugs.cubecart.com/?do=details\u0026id=459",
"refsource": "MISC",
"url": "http://bugs.cubecart.com/?do=details\u0026id=459"
},
{
"name": "22471",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22471"
},
{
"name": "18519",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18519"
},
{
"name": "16259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16259"
},
{
"name": "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0245",
"datePublished": "2006-01-18T02:00:00.000Z",
"dateReserved": "2006-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:25:34.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0064 (GCVE-0-2006-0064)
Vulnerability from cvelistv5 – Published: 2006-01-03 22:00 – Updated: 2024-08-07 16:18
VLAI
Summary
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/0016 | vdb-entryx_refsource_VUPEN |
| https://www.exploit-db.com/exploits/1398 | exploitx_refsource_EXPLOIT-DB |
Date Public
2006-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0016",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0016"
},
{
"name": "1398",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1398"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0016",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0016"
},
{
"name": "1398",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1398"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0016",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0016"
},
{
"name": "1398",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1398"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0064",
"datePublished": "2006-01-03T22:00:00.000Z",
"dateReserved": "2006-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3152 (GCVE-0-2005-3152)
Vulnerability from cvelistv5 – Published: 2005-10-05 04:00 – Updated: 2024-08-07 23:01
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://bugs.cubecart.com/?do=details&id=363 | x_refsource_CONFIRM |
| http://bugs.cubecart.com/?do=details&id=459 | x_refsource_MISC |
| http://lostmon.blogspot.com/2005/09/cubecart-303-… | x_refsource_MISC |
| http://securitytracker.com/id?1014984 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/35 | third-party-advisoryx_refsource_SREASON |
| http://lostmon.blogspot.com/2006/01/cubecart-307-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/14962 | vdb-entryx_refsource_BID |
Date Public
2005-09-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:57.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cubecart-index-script-xss(24177)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.cubecart.com/?do=details\u0026id=363"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.cubecart.com/?do=details\u0026id=459"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html"
},
{
"name": "1014984",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014984"
},
{
"name": "35",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html"
},
{
"name": "14962",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cubecart-index-script-xss(24177)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.cubecart.com/?do=details\u0026id=363"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.cubecart.com/?do=details\u0026id=459"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html"
},
{
"name": "1014984",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014984"
},
{
"name": "35",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html"
},
{
"name": "14962",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cubecart-index-script-xss(24177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24177"
},
{
"name": "http://bugs.cubecart.com/?do=details\u0026id=363",
"refsource": "CONFIRM",
"url": "http://bugs.cubecart.com/?do=details\u0026id=363"
},
{
"name": "http://bugs.cubecart.com/?do=details\u0026id=459",
"refsource": "MISC",
"url": "http://bugs.cubecart.com/?do=details\u0026id=459"
},
{
"name": "http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html"
},
{
"name": "1014984",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014984"
},
{
"name": "35",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/35"
},
{
"name": "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html"
},
{
"name": "14962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3152",
"datePublished": "2005-10-05T04:00:00.000Z",
"dateReserved": "2005-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:57.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1033 (GCVE-0-2005-1033)
Vulnerability from cvelistv5 – Published: 2005-04-09 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/14064 | vdb-entryx_refsource_OSVDB |
| http://securitytracker.com/id?1013660 | vdb-entryx_refsource_SECTRACK |
| http://marc.info/?l=bugtraq&m=111281457918479&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/14064"
},
{
"name": "1013660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013660"
},
{
"name": "20050406 [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111281457918479\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/14064"
},
{
"name": "1013660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013660"
},
{
"name": "20050406 [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111281457918479\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14064",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14064"
},
{
"name": "1013660",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013660"
},
{
"name": "20050406 [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111281457918479\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1033",
"datePublished": "2005-04-09T04:00:00.000Z",
"dateReserved": "2005-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:59.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0606 (GCVE-0-2005-0606)
Vulnerability from cvelistv5 – Published: 2005-03-01 05:00 – Updated: 2024-08-07 21:21
VLAI
Summary
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/12658 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/14416 | third-party-advisoryx_refsource_SECUNIA |
| http://lostmon.blogspot.com/2005/02/cubecart-20x-… | x_refsource_MISC |
| http://www.cubecart.com/site/forums/index.php?sho… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1013304 | vdb-entryx_refsource_SECTRACK |
Date Public
2005-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12658",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12658"
},
{
"name": "14416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14416"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=6032"
},
{
"name": "cubecart-multiple-xss(20637)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20637"
},
{
"name": "1013304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12658",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12658"
},
{
"name": "14416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14416"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=6032"
},
{
"name": "cubecart-multiple-xss(20637)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20637"
},
{
"name": "1013304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12658"
},
{
"name": "14416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14416"
},
{
"name": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?showtopic=6032",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=6032"
},
{
"name": "cubecart-multiple-xss(20637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20637"
},
{
"name": "1013304",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0606",
"datePublished": "2005-03-01T05:00:00.000Z",
"dateReserved": "2005-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:21:06.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0607 (GCVE-0-2005-0607)
Vulnerability from cvelistv5 – Published: 2005-03-01 05:00 – Updated: 2024-08-07 21:21
VLAI
Summary
CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lostmon.blogspot.com/2005/02/cubecart-20x-… | x_refsource_MISC |
| http://www.cubecart.com/site/forums/index.php?sho… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1013304 | vdb-entryx_refsource_SECTRACK |
Date Public
2005-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=6032"
},
{
"name": "cubecart-multiple-path-disclosure(20638)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20638"
},
{
"name": "1013304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=6032"
},
{
"name": "cubecart-multiple-path-disclosure(20638)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20638"
},
{
"name": "1013304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?showtopic=6032",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=6032"
},
{
"name": "cubecart-multiple-path-disclosure(20638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20638"
},
{
"name": "1013304",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0607",
"datePublished": "2005-03-01T05:00:00.000Z",
"dateReserved": "2005-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:21:06.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1580 (GCVE-0-2004-1580)
Vulnerability from cvelistv5 – Published: 2005-02-20 05:00 – Updated: 2024-08-08 00:53
VLAI
Summary
SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=109713382400457&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/11337 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/12764 | third-party-advisoryx_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/15278 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2004-10-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:24.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041006 Full path disclosure and sql injection on CubeCart 2.0.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109713382400457\u0026w=2"
},
{
"name": "11337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11337"
},
{
"name": "12764",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12764"
},
{
"name": "15278",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15278"
},
{
"name": "cubecart-catid-sql-injection(17632)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17632"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041006 Full path disclosure and sql injection on CubeCart 2.0.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109713382400457\u0026w=2"
},
{
"name": "11337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11337"
},
{
"name": "12764",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12764"
},
{
"name": "15278",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15278"
},
{
"name": "cubecart-catid-sql-injection(17632)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17632"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041006 Full path disclosure and sql injection on CubeCart 2.0.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109713382400457\u0026w=2"
},
{
"name": "11337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11337"
},
{
"name": "12764",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12764"
},
{
"name": "15278",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15278"
},
{
"name": "cubecart-catid-sql-injection(17632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17632"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1580",
"datePublished": "2005-02-20T05:00:00.000Z",
"dateReserved": "2005-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:53:24.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1579 (GCVE-0-2004-1579)
Vulnerability from cvelistv5 – Published: 2005-02-20 05:00 – Updated: 2024-08-08 00:53
VLAI
Summary
index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=109713382400457&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2004-10-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:24.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041006 Full path disclosure and sql injection on CubeCart 2.0.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109713382400457\u0026w=2"
},
{
"name": "cubecart-catid-path-disclosure(17630)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041006 Full path disclosure and sql injection on CubeCart 2.0.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109713382400457\u0026w=2"
},
{
"name": "cubecart-catid-path-disclosure(17630)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041006 Full path disclosure and sql injection on CubeCart 2.0.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109713382400457\u0026w=2"
},
{
"name": "cubecart-catid-path-disclosure(17630)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1579",
"datePublished": "2005-02-20T05:00:00.000Z",
"dateReserved": "2005-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:53:24.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0442 (GCVE-0-2005-0442)
Vulnerability from cvelistv5 – Published: 2005-02-15 05:00 – Updated: 2024-08-07 21:13
VLAI
Summary
Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.cubecart.com/site/forums/index.php?sho… | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=111281888605580&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/12549 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/14272 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=110842125901191&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2005-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=5741"
},
{
"name": "20050406 RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111281888605580\u0026w=2"
},
{
"name": "12549",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12549"
},
{
"name": "14272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14272"
},
{
"name": "20050214 [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110842125901191\u0026w=2"
},
{
"name": "cubecart-dotdot-directory-traversal(19322)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=5741"
},
{
"name": "20050406 RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111281888605580\u0026w=2"
},
{
"name": "12549",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12549"
},
{
"name": "14272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14272"
},
{
"name": "20050214 [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110842125901191\u0026w=2"
},
{
"name": "cubecart-dotdot-directory-traversal(19322)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cubecart.com/site/forums/index.php?showtopic=5741",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=5741"
},
{
"name": "20050406 RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111281888605580\u0026w=2"
},
{
"name": "12549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12549"
},
{
"name": "14272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14272"
},
{
"name": "20050214 [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110842125901191\u0026w=2"
},
{
"name": "cubecart-dotdot-directory-traversal(19322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0442",
"datePublished": "2005-02-15T05:00:00.000Z",
"dateReserved": "2005-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:54.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0443 (GCVE-0-2005-0443)
Vulnerability from cvelistv5 – Published: 2005-02-15 05:00 – Updated: 2024-08-07 21:13
VLAI
Summary
index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/14064 | vdb-entryx_refsource_OSVDB |
| http://www.cubecart.com/site/forums/index.php?sho… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/12549 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=110842125901191&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/14064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=5741"
},
{
"name": "12549",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12549"
},
{
"name": "cubecart-index-xss(19328)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19328"
},
{
"name": "20050214 [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110842125901191\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/14064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=5741"
},
{
"name": "12549",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12549"
},
{
"name": "cubecart-index-xss(19328)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19328"
},
{
"name": "20050214 [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110842125901191\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14064",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14064"
},
{
"name": "http://www.cubecart.com/site/forums/index.php?showtopic=5741",
"refsource": "CONFIRM",
"url": "http://www.cubecart.com/site/forums/index.php?showtopic=5741"
},
{
"name": "12549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12549"
},
{
"name": "cubecart-index-xss(19328)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19328"
},
{
"name": "20050214 [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110842125901191\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0443",
"datePublished": "2005-02-15T05:00:00.000Z",
"dateReserved": "2005-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:54.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}