| Title |
CubeCart Multiple Vulnerabilities
|
| Info |
CubeCart is a very popular web application written in php that
allows for an individual to open up a fully functioning online
ecommerce service. Unfortunately CubeCart is vulnerable to Cross
Site Scripting attacks, SQL Injection attacks, and possible remote
code execution due to an attacker being able to include arbitrary
php code. An updated version of CubeCart has been released and all
users are encouraged to upgrade as soon as possible. |
| Date |
August 28, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
osCommerce Multiple Vulnerabilities
|
| Info |
osCommerce is one of the most popular open source ecommerce web applications
ever written. osCommerce allows webmasters to open a fully functioning online
marketplace with little effort. Unfortunately there have been several new
vulnerabilities discovered in the latest versions of osCommerce. These issues
may allow for an attacker to gather arbitrary information from the database
such as credit card information, user login information, or personal information.
There are also issues with some of osCommerce's file handling functionality
that may allow an attacker to gain access to sensitive data. The osCommerce
team have released updates to address these vulnerabilities and all users are
encouraged to upgrade their osCommerce installations as soon as possible. |
| Date |
August 17, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Zen Cart Multiple Vulnerabilities
|
| Info |
Zen Cart is a descendant of the popular osCommerce project, and like
osCommerce Zen Cart is one of the most popular open source ecommerce
systems in the world. Unfortunately Zen Cart is vulnerable to quite
a number of different attacks, and in some circumstances may allow an
attacker to execute arbitrary code on the underlying web server with
the rights of the httpd process. In addition to remote code execution
several different SQL Injection attacks may be possible. The Zen Cart
developers have commited fixes for these issues to CVS and an updated
version of Zen Cart will be released soon to address the issues. All
users should upgrade their Zen Cart installation as soon as possible. |
| Date |
August 15, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
SquirrelMail Arbitrary Variable Overwriting
|
| Info |
SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP support for the IMAP and SMTP protocols. Unfortunately there is a fairly serious variable handling issue in one of the core SquirrelMail scripts that can allow an attacker to take control of variables used within the script, and influence functions and actions within the script. This is due to the unsafe handling of "expired sessions" when composing a message. An updated version of SquirrelMail can be downloaded from their official website. Users are advised to update their SquirrelMail installations as soon as possible.
|
| Date |
August 11, 2021 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
PHPLib Remote Code Execution
|
| Info |
The PHP Base Library aka PHPLib is a toolkit for PHP developers supporting
them in the development of Web applications. The phpLib codebase can be
found in a number of applications available today. Unfortunately some of
the session emulation code is vulnerable to SQL Injection issues that in
a worst case scenario can lead to remote code execution by using UNION and
selecting arbitrary php code into an eval call. A new version og PHPLib has
been released and users should upgrade their PHPLib libraries as soon as
possible.
|
| Date |
March 5, 2022 |
| BID |
16801
|
| Credit |
James Bercegay |
|
