Search criteria
3 vulnerabilities by fishnet
CVE-2005-1486 (GCVE-0-2005-1486)
Vulnerability from cvelistv5 – Published: 2005-05-11 04:00 – Updated: 2024-08-07 21:51
VLAI?
Summary
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050504 Multiple SQL injections and XSS in FishCart 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111530799109755\u0026w=2"
},
{
"name": "16280",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16280"
},
{
"name": "20070123 Re: Multiple SQL injections and XSS in FishCart 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457754/100/200/threaded"
},
{
"name": "15232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15232/"
},
{
"name": "fishcart-multiple-xss(20384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20384"
},
{
"name": "16281",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16281"
},
{
"name": "[fishcart] 20050521 Re: Concerned about security",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.fishcart.org/archives/200505/msg00028.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalparadox.org/advisories/fishc.txt"
},
{
"name": "13499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13499"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050504 Multiple SQL injections and XSS in FishCart 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111530799109755\u0026w=2"
},
{
"name": "16280",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16280"
},
{
"name": "20070123 Re: Multiple SQL injections and XSS in FishCart 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/457754/100/200/threaded"
},
{
"name": "15232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15232/"
},
{
"name": "fishcart-multiple-xss(20384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20384"
},
{
"name": "16281",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16281"
},
{
"name": "[fishcart] 20050521 Re: Concerned about security",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.fishcart.org/archives/200505/msg00028.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalparadox.org/advisories/fishc.txt"
},
{
"name": "13499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13499"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050504 Multiple SQL injections and XSS in FishCart 3.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111530799109755\u0026w=2"
},
{
"name": "16280",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16280"
},
{
"name": "20070123 Re: Multiple SQL injections and XSS in FishCart 3.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457754/100/200/threaded"
},
{
"name": "15232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15232/"
},
{
"name": "fishcart-multiple-xss(20384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20384"
},
{
"name": "16281",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16281"
},
{
"name": "[fishcart] 20050521 Re: Concerned about security",
"refsource": "MLIST",
"url": "http://www.fishcart.org/archives/200505/msg00028.html"
},
{
"name": "http://www.digitalparadox.org/advisories/fishc.txt",
"refsource": "MISC",
"url": "http://www.digitalparadox.org/advisories/fishc.txt"
},
{
"name": "13499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13499"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1486",
"datePublished": "2005-05-11T04:00:00",
"dateReserved": "2005-05-11T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1487 (GCVE-0-2005-1487)
Vulnerability from cvelistv5 – Published: 2005-05-11 04:00 – Updated: 2024-08-07 21:51 Disputed
VLAI?
Summary
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16283",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16283"
},
{
"name": "20050504 Multiple SQL injections and XSS in FishCart 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111530799109755\u0026w=2"
},
{
"name": "20070123 Re: Multiple SQL injections and XSS in FishCart 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457754/100/200/threaded"
},
{
"name": "15232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15232/"
},
{
"name": "16282",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16282"
},
{
"name": "fishcart-multiple-sql-injection(20386)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20386"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalparadox.org/advisories/fishc.txt"
},
{
"name": "13499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13499"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16283",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16283"
},
{
"name": "20050504 Multiple SQL injections and XSS in FishCart 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111530799109755\u0026w=2"
},
{
"name": "20070123 Re: Multiple SQL injections and XSS in FishCart 3.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/457754/100/200/threaded"
},
{
"name": "15232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15232/"
},
{
"name": "16282",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16282"
},
{
"name": "fishcart-multiple-sql-injection(20386)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20386"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalparadox.org/advisories/fishc.txt"
},
{
"name": "13499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13499"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16283",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16283"
},
{
"name": "20050504 Multiple SQL injections and XSS in FishCart 3.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111530799109755\u0026w=2"
},
{
"name": "20070123 Re: Multiple SQL injections and XSS in FishCart 3.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457754/100/200/threaded"
},
{
"name": "15232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15232/"
},
{
"name": "16282",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16282"
},
{
"name": "fishcart-multiple-sql-injection(20386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20386"
},
{
"name": "http://www.digitalparadox.org/advisories/fishc.txt",
"refsource": "MISC",
"url": "http://www.digitalparadox.org/advisories/fishc.txt"
},
{
"name": "13499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13499"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1487",
"datePublished": "2005-05-11T04:00:00",
"dateReserved": "2005-05-11T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0062 (GCVE-0-2004-0062)
Vulnerability from cvelistv5 – Published: 2004-01-15 05:00 – Updated: 2024-08-08 00:01
VLAI?
Summary
Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1008731",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1008731"
},
{
"name": "20040114 FishCart Integer Overflow / Rounding Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107411850203994\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to \"cause negative totals\" via an order with a large quantity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1008731",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1008731"
},
{
"name": "20040114 FishCart Integer Overflow / Rounding Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107411850203994\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to \"cause negative totals\" via an order with a large quantity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1008731",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1008731"
},
{
"name": "20040114 FishCart Integer Overflow / Rounding Error",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107411850203994\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0062",
"datePublished": "2004-01-15T05:00:00",
"dateReserved": "2004-01-14T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}