CVE-2005-1033
published 2005-05-02
Priority: P4 14
Severity: medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.03% (85.8th percentile)
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devellion | cubecart | — | — |
No detection rules found.
Exploit-DB
Microsoft Visual Studio Report Viewer 2005 Control - Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2011-08-09
CVE-2011-1976 Microsoft Visual Studio Report Viewer 2005 Control - Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/49033/info
Microsoft Visual Studio is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to spoof content or disclose sensitive information.
https://www.example.com/Reserved.ReportViewerWebControl.axd?Mode=true&ReportID=%3CarbitraryIDvalue%3E&ControlID=%3CvalidControlID%3E&Culture=1033&UICulture=1033&ReportStack=1&OpType=SessionKeepAlive&TimerMethod=KeepAliveMethodctl00_PlaceHolderMain_SiteTopUsersByHits_ctl00T
Exploit-DB
Dragonfly CMS 9.0.6.1 Stories_Archive Module - Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2006-02-22
CVE-2006-1033 Dragonfly CMS 9.0.6.1 Stories_Archive Module - Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/16784/info
Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/index.php?name=Stories_Archive&sa=show_month&year=2005&month=11">alert()
http://www.example.com/index.php?name=Stories_Archive&sa=show_month&year=2005">alert()> &month=11
http://www.example.com/index.php?name=Stories_Archive&sa=show_all">alert(
Exploit-DB
CubeCart 2.0.x - 'view_cart.php?add' Full Path Disclosure
exploitdb·2005-04-06
CVE-2005-1033 CubeCart 2.0.x - 'view_cart.php?add' Full Path Disclosure
---
source: https://www.securityfocus.com/bid/13050/info
CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
These issues affect the 'index.php', 'tellafriend.php', 'view_cart.php', and 'view_product.php' scripts.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. This is not confir
Exploit-DB
CubeCart 2.0.x - 'tellafriend.php?product' Full Path Disclosure
exploitdb·2005-04-06
CVE-2005-1033 CubeCart 2.0.x - 'tellafriend.php?product' Full Path Disclosure
---
source: https://www.securityfocus.com/bid/13050/info
CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
These issues affect the 'index.php', 'tellafriend.php', 'view_cart.php', and 'view_product.php' scripts.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. This is not
Exploit-DB
CubeCart 2.0.x - 'view_product.php?product' Full Path Disclosure
exploitdb·2005-04-06
CVE-2005-1033 CubeCart 2.0.x - 'view_product.php?product' Full Path Disclosure
---
source: https://www.securityfocus.com/bid/13050/info
CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
These issues affect the 'index.php', 'tellafriend.php', 'view_cart.php', and 'view_product.php' scripts.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. This is not
Exploit-DB
CubeCart 2.0.x - 'index.php' Multiple Full Path Disclosures
exploitdb·2005-04-06
CVE-2005-1033 CubeCart 2.0.x - 'index.php' Multiple Full Path Disclosures
---
source: https://www.securityfocus.com/bid/13050/info
CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
These issues affect the 'index.php', 'tellafriend.php', 'view_cart.php', and 'view_product.php' scripts.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. This is not conf
No writeups or analysis indexed.
Published: 2005-05-02