| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 53652 | 2009-04-13 | X Engine Soft Multiple Products Admin Login Page Multiple Parameter SQL Injection | Multiple X Engine Soft products contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Admin Login Page not properly sanitizing user-supplied input to the 'USERNAME' and 'PASSWORD' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 34405 | 2007-03-21 | X MultiMedia System (xmms) Skin Bitmap Image Crafted Header Memory Corruption | (Description Provided by CVE): Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption. |
| 34406 | 2007-03-21 | X MultiMedia System (xmms) Skin Bitmap Image Crafted Header Overflow | (Description Provided by CVE): Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow. |
| 5856 | 1995-11-02 | X Windows (X11) Magic Cookie Prediction Command Execution | The X Window System contains a flaw that may allow a remote attacker to access arbitrary X sessions. The problem is that the system rand() function, used to generate MIT-MAGIC-COOKIE-1 keys when DES is not available, is weak on some systems. It is possible that the flaw may allow an attacker to obtain passwords and/or execute commands, resulting in a loss of confidentiality and/or integrity. |
| 39250 | 2006-10-07 | X Windows (X11) Unspecified HTML Processing DoS | Unknown / Incomplete |
| 57730 | 1990-03-09 | X Windows (X11R3/4) xterm Emulator Escape Sequence Handling Remote Privilege Escalation | Unknown / Incomplete |
| 57740 | 1990-07-20 | X Windows (X11R4) -L Linked Binary Path Subversion Handling Local Privilege Escalation | Unknown / Incomplete |
| 86924 | 2002-06-10 | X Windows (X11R6) Malformed Font Size Handling DoS | X Windows (X11R6) contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs during the handling of an overly large font size, which will result in a loss of availability for the system. |
| 90769 | 2013-02-14 | X-Cart Admin Backend Access Restriction Bypass | X-Cart contains an unspecified flaw that may allow a remote attacker to bypass restrictions and access the admin backend. Given the vendor's wording, it is likely, though not confirmed, that this leverages an SQL injection. |
| 90772 | 2013-02-14 | X-Cart Admin Backend Crafted Request Handling Remote Privilege Escalation | X-Cart contains a flaw that leads to unauthorized privileges being gained. The issue is triggered when handling a specially crafted request, which may allow a remote attacker to gain elevated privileges and access to the administration backend. |
| 38977 | 2007-09-11 | X-Cart admin/auth.php xcart_dir Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php. |
| 3810 | 2004-02-03 | X-Cart auth.php Arbitrary File Retrieval | X-Cart contains a flaw that may lead to an unauthorized information disclosure. The problem is that the "auth.php" script does not validate user-supplied input to the "shop_closed_file" variable. With a specially crafted URL request, a remote attacker could view any file on the Web server, resulting in a loss of confidentiality. |
| 38972 | 2007-09-11 | X-Cart config.php xcart_dir Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php. |
| 90771 | 2013-02-14 | X-Cart Crafted Customer Account Creation Remote Privilege Escalation | X-Cart contains a flaw that leads to unauthorized privileges being gained. The issue is triggered when logging in with a specially crafted customer account, which may allow a remote attacker to gain elevated privileges and access to the administration backend. |
| 58885 | 2009-10-06 | X-Cart customer/home.php email Parameter XSS | X-Cart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'email' parameters upon submission to the 'customer/home.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 38975 | 2007-09-11 | X-Cart customer/product.php xcart_dir Parameter Remote File Inclusion | X-Cart contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to product.php not properly sanitizing user input supplied to the 'xcart_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 90773 | 2013-02-14 | X-Cart Direct Request Root Archive Disclosure | X-Cart contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is triggered when a direct request is sent for the root of the store. This will allow a remote attacker to gain access to sensitive archives. |
| 90774 | 2013-02-14 | X-Cart File Upload Crafted Smarty Tag Handling Remote Privilege Escalation | X-Cart contains a flaw that leads to unauthorized privileges being gained. The issue is triggered when a malicious script is uploaded and run via the administration back end of the store. With a specially crafted Smarty tag, a remote attacker can gain elevated privileges. |
| 3811 | 2004-02-03 | X-Cart general.php Information Disclosure | X-Cart contains a flaw that may lead to an unauthorized information disclosure. The problem is that the "general.php" script does not validate user-supplied input to the "mode" variable. With a specially crafted URL request, a remote attacker could reveal the installation path, resulting in a loss of confidentiality. |
| 3808 | 2004-02-03 | X-Cart general.php perl_binary Parameter Arbitrary Command Execution | X-Cart contains a flaw that may allow a remote attacker to execute arbitrary commands. The problem is that the 'general.php' script does not validate user-supplied input to the "perl_binary" variable. With a specially crafted URL request, a remote attacker could execute arbitrary commands with the privileges of the Web server, resulting in a loss of integrity. |
| 16946 | 2005-05-30 | X-Cart Gold error_message.php id Parameter SQL Injection | X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the error_message.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 16938 | 2005-05-30 | X-Cart Gold error_message.php id Parameter XSS | X-Cart Gold contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the error_message.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16951 | 2005-05-30 | X-Cart Gold giftcert.php Multiple Parameter SQL Injection | X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'gcid' and 'gcindex' variables in the giftcert.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 16943 | 2005-05-30 | X-Cart Gold giftcert.php Multiple Parameter XSS | X-Cart Gold contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'gcid' or 'gcindex' variables upon submission to the giftcert.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16947 | 2005-05-30 | X-Cart Gold help.php section Parameter SQL Injection | X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'section' variable in the help.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 16939 | 2005-05-30 | X-Cart Gold help.php section Parameter XSS | X-Cart Gold contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'section' variable upon submission to the help.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16944 | 2005-05-30 | X-Cart Gold home.php Multiple Parameter SQL Injection | X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'cat' and 'printable' variables in the home.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 16936 | 2005-05-30 | X-Cart Gold home.php Multiple Parameter XSS | X-Cart Gold contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'cat' or 'printable' variables upon submission to the home.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16948 | 2005-05-30 | X-Cart Gold orders.php mode Parameter SQL Injection | X-Cart Gold contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'mode' variable in the orders.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 16940 | 2005-05-30 | X-Cart Gold orders.php mode Parameter XSS | X-Cart Gold contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'mode' variable upon submission to the orders.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |