Application: cpCommerce
Affected Version: 1.1.0 and other versions.
Vendor’s URL: cpCommerce
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical
Solution:
Edit the source code so that request input is validated, reaches the database only through parameterised queries, and is encoded for its output context before it is written into HTML.

Published by TL Guan April 18th, 2008 in Cross Site Scripting and E-Commerce.
Application: CubeCart
Affected Version: 4.2.1 and other versions.
Vendor’s URL: CubeCart
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitized.

Published by TL Guan April 18th, 2008 in Cross Site Scripting and E-Commerce.
Application: Photo Cart
Affected Version: 4.1 and other versions.
Vendor’s URL: Photo Cart
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Apply patch. http://www.picturespro.com/sp/

Published by TL Guan February 21st, 2008 in Cross Site Scripting and E-Commerce.
Application: SoftCart
Affected Version: 5.1.2.2 and other versions.
Vendor’s URL: SoftCart
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Filter malicious characters and character sequences; because character blacklists are routinely bypassed, also encode the value for its HTML context at the point where it is output.

Published by TL Guan February 11th, 2008 in E-Commerce and SQL Injection.
Application: osCommerce
Affected Version: 3.1 and other versions.
Vendor’s URL: http://addons.oscommerce.com/info/5477
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is verified and passed to the database only through parameterised queries, or disable the add-on until a patch is released.
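The cpCommerce, CubeCart, Photo Cart, SoftCart and osCommerce entries above all end with the same advice: make sure input is verified and sanitized. The following is an added example, not code from any of those projects, of what that looks like in a PHP shop: a product search written with the two bugs these advisories describe (request input concatenated into SQL, and echoed back into HTML unescaped) next to the hardened form. The table layout, the sample rows and the hostile search term are constructed for the demo; it assumes PHP 7.4 or later with the pdo_sqlite extension, and runs offline against an in-memory database.

```php
<?php
// Added example (not cpCommerce/CubeCart/Photo Cart/SoftCart/osCommerce code): a product
// search with SQL injection and XSS, next to its hardened form. Run with: php search.php
declare(strict_types=1);

// Constructed sample catalogue; the schema is an assumption made for this demo.
function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
    $db->exec("INSERT INTO products (name, price) VALUES ('Lens cap', 9.50), ('Tripod', 42.00)");
    $db->exec('CREATE TABLE admins (username TEXT, pw_hash TEXT)');
    $db->exec("INSERT INTO admins VALUES ('admin', 'not-a-real-hash')");
    return $db;
}

// VULNERABLE: the search term goes straight into the SQL text and straight into the HTML.
function search_vulnerable(PDO $db, string $q): string
{
    $sql  = "SELECT name, price FROM products WHERE name LIKE '%" . $q . "%'";
    $rows = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    $html = '<p>Results for ' . $q . '</p><ul>';
    foreach ($rows as $r) {
        $html .= '<li>' . $r['name'] . ' (' . $r['price'] . ')</li>';
    }
    return $html . '</ul>';
}

// HARDENED: verify the input's shape, keep data out of the SQL text with a bound
// parameter, and encode for the HTML context when writing output.
function search_hardened(PDO $db, string $q): string
{
    // Verification: reject what a search box never legitimately carries.
    if ($q === '' || strlen($q) > 100 || preg_match('//u', $q) !== 1) {
        return '<p>Invalid search term.</p>';
    }
    // Bound parameter: the value travels separately from the SQL, so quotes in it are data.
    // LIKE wildcards are escaped as well, so the term cannot be turned into '%' to dump the table.
    $pattern = '%' . addcslashes($q, '%_\\') . '%';
    $stmt = $db->prepare("SELECT name, price FROM products WHERE name LIKE :pat ESCAPE '\\'");
    $stmt->execute([':pat' => $pattern]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Output encoding for an HTML body context; ENT_QUOTES also covers attribute values.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = '<p>Results for ' . $e($q) . '</p><ul>';
    foreach ($rows as $r) {
        $html .= '<li>' . $e((string) $r['name']) . ' (' . $e((string) $r['price']) . ')</li>';
    }
    return $html . '</ul>';
}

$db = make_db();
// Constructed hostile input: an injection that dumps the admins table and carries an XSS payload.
$attack = "' UNION SELECT username, pw_hash FROM admins --<script>alert(1)</script>";

echo "vulnerable:\n", search_vulnerable($db, $attack), "\n\n";
// lists the admin row (username and hash) and echoes the raw <script> tag
echo "hardened:\n", search_hardened($db, $attack), "\n";
// no rows, and the term is shown as &#039; UNION ... &lt;script&gt;alert(1)&lt;/script&gt;
```

The division of labour matters: validation limits what gets in, the prepared statement makes the database treat the value as data no matter what it contains, and the encoding is applied at the output site, because a value that is safe in HTML text is not thereby safe in SQL or in a JavaScript string.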

Published by TL Guan January 22nd, 2008 in E-Commerce and File Inclusion.
Application: vcart
Affected Version: 3.3.2 and other versions.
Vendor’s URL: http://www.visionburst.com/
Bug Type: File Inclusion
Risk Level: Critical
Solution:
Edit the source code so that the file to include is chosen from a fixed list of known files rather than built from request input.

Published by TL Guan July 20th, 2007 in E-Commerce and Session Hijacking.
Application: Zen Cart
Affected Version: 1.3.7; other versions may also be affected.
Vendor’s URL: http://www.zencart.com/
Bug Type: Session Hijacking
Risk Level: Medium
Solution:
- Update to zen-cart-v1.3.7-full-patched-07012007
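Beyond applying the vendor patch, the session handling itself is where a PHP shop stops session hijacking. The following is an added example, not Zen Cart's own code, of the settings and the login/logout handling that keep a session identifier an attacker chose, guessed or captured from being ridden into a victim's account. The function names are this example's own; it assumes PHP 7.3 or later (for the array form of session_set_cookie_params and setcookie) and is meant to be called at the top of a web request, before any output.

```php
<?php
// Added example (not Zen Cart code): session hardening for a PHP web application.
declare(strict_types=1);

function start_hardened_session(): void
{
    // Accept the session id from the cookie only, never from the URL or a form field,
    // so a link carrying ?PHPSESSID=... cannot fix the victim's session id.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse ids the server did not generate itself (an uninitialised id gets replaced).
    ini_set('session.use_strict_mode', '1');
    // The cookie is unreadable by script (HttpOnly), sent only over TLS (Secure)
    // and not attached to cross-site requests (SameSite).
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once the credentials have been verified. The id is rotated at the moment the
// session gains privilege, so whatever id existed before login is now worthless.
function login(string $username): void
{
    session_regenerate_id(true);          // true: delete the old session file as well
    $_SESSION = [];                       // drop anything set in the pre-login session
    $_SESSION['user']       = $username;
    $_SESSION['login_time'] = time();
}

// Logging out must invalidate the server-side session and expire the cookie; clearing
// $_SESSION alone leaves a reusable id behind.
function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

// Typical request flow (credential check itself omitted; it is not the point here):
//   start_hardened_session();
//   if ($credentials_ok) { login($username); }
//   if (isset($_GET['logout'])) { logout(); }
```

Rotating the identifier on login is the step most often missing from older PHP carts: without it, every other setting still leaves an attacker who planted an id before authentication sharing the authenticated session afterwards.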

Application: OsCommerce
Vendor’s URL: http://www.oscommerce.com/
Bug Type: File Inclusion
Risk Level: High
Solution:
Upgrade or migrate to the latest version of OsCommerce.
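The vcart and OsCommerce entries above are both file inclusion, and the fix in both cases is the one the vcart solution states: stop building the include path from request input. The following is an added example, not code from either project, showing the page-dispatch pattern behind a typical PHP file inclusion bug next to an allowlist-based replacement. The page names, the temporary directory layout and the "config.php" file with a fake secret are constructed for the demo; it assumes PHP 7.0 or later and runs offline.

```php
<?php
// Added example (not vcart/OsCommerce code): a page dispatcher with a file inclusion bug,
// next to its hardened form. Run with: php include_demo.php
declare(strict_types=1);

// Constructed fixture: a "pages" directory with two legitimate templates and, one level
// up, a file the dispatcher must never serve.
function make_pages_dir(): string
{
    $dir = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
    mkdir($dir . '/pages', 0700, true);
    file_put_contents($dir . '/pages/home.php', "<?php echo \"home page\\n\";");
    file_put_contents($dir . '/pages/cart.php', "<?php echo \"cart page\\n\";");
    file_put_contents($dir . '/config.php',     "<?php echo \"DB_PASSWORD=hunter2 (fake)\\n\";");
    return $dir;
}

// VULNERABLE: the request parameter names the file. "../config" walks out of the pages
// directory; with allow_url_include=On a URL pulls in remote code; and on PHP releases
// before 5.3.4 a %00 in the parameter dropped the ".php" suffix entirely.
function dispatch_vulnerable(string $base, string $page): void
{
    include $base . '/pages/' . $page . '.php';
}

// HARDENED: the request value is only ever a key into a fixed map, so no user data is
// part of the path. The realpath check is defence in depth for the day the map is built
// from configuration rather than a literal.
const PAGES = ['home' => 'home.php', 'cart' => 'cart.php'];

function dispatch_hardened(string $base, string $page): bool
{
    if (!array_key_exists($page, PAGES)) {
        return false;                       // unknown page: send a 404, do not guess
    }
    $root = realpath($base . '/pages');
    $file = realpath($root . '/' . PAGES[$page]);
    if ($root === false || $file === false
        || strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return false;                       // resolved outside the pages directory
    }
    include $file;
    return true;
}

$base = make_pages_dir();
dispatch_vulnerable($base, 'home');                 // home page
dispatch_vulnerable($base, '../config');            // DB_PASSWORD=hunter2 (fake): the bug
var_dump(dispatch_hardened($base, 'cart'));         // cart page, then bool(true)
var_dump(dispatch_hardened($base, '../config'));    // bool(false), nothing included
```

Appending a fixed suffix such as ".php" is not a control on its own: it neither stops traversal within files of that extension nor, on the PHP versions these products ran on, survived a null byte. The allowlist removes the question entirely, because the only strings that ever reach `include` are the ones the developer wrote.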