
Mcmurtrey Whitaker And Associates Cart32 vulnerabilities

4 known vulnerabilities affecting mcmurtrey_whitaker_and_associates/cart32.

Total CVEs: 4
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2000-0429 | P3 | HIGH | CVSS 7.5 | PoC | v2.6, v3.0 | 2000-04-27
A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands.
nvd

CVE-2007-5253 | P3 | MEDIUM | CVSS 5.0 | PoC | ≤ 6.3 | CWE-20 | 2007-10-06
c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might be a directory traversal vulnerability.
nvd

CVE-2004-0675 | P4 | MEDIUM | CVSS 6.8 | PoC | v2.5a, v2.6, +8 more | 2004-08-06
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.
nvd

CVE-2000-0430 | P4 | MEDIUM | CVSS 5.0 | PoC | v3.0 | 2000-05-03
Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request.
nvd