257741
|
- |
|
lockon
|
ec-cube
|
data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified …
|
CWE-200
Information Exposure
|
CVE-2013-5995
|
2013-11-21 23:58 |
2013-11-21 |
|
|
257742
|
- |
|
lockon
|
ec-cube
|
Per: http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000106.html
"User's information may be obtained or altered by other user who visits the shopping site"
|
CWE-200
Information Exposure
|
CVE-2013-5995
|
2013-11-21 23:58 |
2013-11-21 |
|
|
257743
|
- |
|
lockon
|
ec-cube
|
Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafte…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5996
|
2013-11-21 23:58 |
2013-11-21 |
|
|
257744
|
- |
|
pineapp
|
mail-secure
|
Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.
|
CWE-22
Path Traversal
|
CVE-2013-6827
|
2013-11-21 23:46 |
2013-11-20 |
|
|
257745
|
- |
|
pineapp
|
mail-secure
|
admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.
|
CWE-287
Improper Authentication
|
CVE-2013-6828
|
2013-11-21 23:45 |
2013-11-20 |
|
|
257746
|
- |
|
pineapp
|
mail-secure
|
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
|
CWE-94
Code Injection
|
CVE-2013-6829
|
2013-11-21 23:45 |
2013-11-20 |
|
|
257747
|
- |
|
lockon
|
ec-cube
|
The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log …
|
CWE-200
Information Exposure
|
CVE-2013-5991
|
2013-11-21 23:36 |
2013-11-21 |
|
|
257748
|
- |
|
lockon
|
ec-cube
|
Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2013-5992
|
2013-11-21 23:36 |
2013-11-21 |
|
|
257749
|
- |
|
lockon
|
ec-cube
|
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refu…
|
CWE-352
Origin Validation Error
|
CVE-2013-5993
|
2013-11-21 23:35 |
2013-11-21 |
|
|
257750
|
- |
|
lockon
|
ec-cube
|
data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full pa…
|
CWE-200
Information Exposure
|
CVE-2013-5994
|
2013-11-21 23:35 |
2013-11-21 |
|
|