7Safe

3 exploits | Active since Mar 2010
CVE-2010-1003 | EXPLOITDB | text | WORKING POC
eFront 3.5.x-3.5.5 - Path Traversal via Language Parameter
Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter.
CVE-2010-1931 | EXPLOITDB | text | WRITEUP
CubeCart 4.3.4-4.3.9 - SQL Injection via shipKey Parameter
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
CVE-2010-1486 | EXPLOITDB | text | WRITEUP
CactuShop < 6.155 - Stored Cross-Site Scripting via Billing or Shipping Address
Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address.