Advisories

This category contains 3 posts

IXXO Cart! Standalone and Joomla Component SQL Injection

Ref. [DSF-03-2009] – IXXO Cart! Standalone and Joomla Component SQL Injection
Vendor: IXXO Internet Solutions
Status: Patched by vendor
IXXO Cart!
IXXO Cart is an extremely powerful PHP shopping cart and web site builder application. Designed from a marketing perspective, this ecommerce application is feature-packed, robust, scalable and easy to use. IXXO Cart Plus is the clear choice for [...]

Zoki Catalog SQL Injection

This PHP-based catalog is vulnerable to SQL injection in its search form.
Injecting a quote mark breaks the SQL query and even reveals sensitive database information that could help a malicious user construct a valid SQL injection query.

Arcade Trade Script XSS

Arcade Trade Script is a full arcade site CMS (Content Management System) with easy customization and an advanced traffic trading system built in. With ATS you will hardly ever have to FTP anything. Almost all files, pages, and meta tags can be edited from the admin panel. ATS is extremely easy to use and works for [...]