Magento version 2.4.6 XSLT server-side injection proof of concept exploit.
ae81950e2fc15cf464a8175e05b574b8b5b2ed4aba982fabb1e7d86affd1d181FireBear Improved Import and Export version 3.8.6 for Magento 2.4.6 suffers from an XSLT server-side injection vulnerability that allows for command execution.
df34e619c87b7e586946acac49e63f30ac9fb2932315a44429238bc3e51eb867Magento version 2.4.6 suffers from an XSLT server side injection vulnerability that allows for remote command execution.
f9be4bd2cd3a935d1b1911f4dc66750b1b4e10e9f0e0a5d9921fedffe77d7f52Magento eCommerce version 2.4.0 suffers from an information disclosure vulnerability.
ab3ecd35ea1bd5ea43f71e8cc7229f70824a190697fc616d9688716fd6a524a1Magento eCommerce CE version 2.3.5-p2 suffers from a remote blind SQL injection vulnerability.
6bd20eca04da6895841882a1873693c9a525676db72c5667f0148e99e19eaeb3Adobe Magento Commerce versions prior to 2.4.2 suffer from a cross site scripting vulnerability.
901c1af1587ebc9a26b154995ec271cad02931488eb9cef602e6b0bd29fa4817Magento WooCommerce CardGate Payment Gateway version 2.0.30 suffers from a payment process bypass vulnerability.
faccc20610a3a485e40c8340014f14252b181308de06bde1189b8099b5152e83Magento versions 2.2.0 through 2.3.0 unauthenticated remote SQL injection exploit.
fb8e5118d988e50510319ef6725fac056f280cc00faa123b19459e9412e70b6bMagento suffers from product attribute information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
549e235e03ef0bdbe9eea05a3e1bd3f340f29761c9abdad73f4036142c0591e3Magento suffers from downloadable product information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
1bbd2c7b993ffcb1a4ef9c205272274661f6065ff4e313cd2057ced8ea75d918Magento Backups suffer from a cross site request forgery vulnerability. Versions affected include Magento Open Source prior to 1.9.3.8, Magento Commerce prior to 1.14.3.8, Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
6d870f518782a4d674caa1e656efd73fa25831cbd1426facfd575d0b2defcd72Magento suffers from user information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
8655d134ed2747f6351bd7d013f6487b55c2509759a2cba576f6d2143f46f59dMagento Commerce suffers from a server-side request forgery vulnerability.
1b97b6d0217df01399ed249baa6ccf75d4e0bcb15c924c8dab1f85d9a963a2f3Magento Connect T1 suffers from a persistent cross site scripting vulnerability.
9dd4f20451076e82d19e763c373999dc1a6852006efc110285863089e2fe1674During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.
4d32bf78790a47b612f73e6f5369bdb54efc47178d31a6a5c2caee2287e9d34fDuring a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. This is a second advisory from DefenseCode for the same software and vulnerabilities. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.
8d86ea8e9eb75bb36c388fcd274b7cd6fb4431c98f0098e80d1cb745bb4f4af9Magento versions 2.1.6 and below suffers from cross site request forgery and shell upload vulnerabilities.
ec3736ddab1c899309a6378effc0830e101ad19846971bb0f43a9f8c173055b2This is a piece of software that tries to login to Magento administrative panels using a list of websites, logins, and passwords. Written in C++.
084ff1803c63eac0a6875fa94140fee427f36799ed0e2a39ee9a4fa8c565d48cThis Metasploit module exploits a PHP object injection vulnerability in Magento 2.0.6 or prior.
0f4a54fd7327964f36b2aa61027c88bb06c66470231cb05fee46900549f0def5Magento versions prior to 2.0.6 suffer from an unauthenticated arbitrary unserialize to arbitrary write file vulnerability.
aabdfe5b303d6f19ce1fc498c50679f141c6beebfcd6c15c192c8f28b94a86a8Magento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.
01b433ea9ea8a8bfd60a02085deff0d6671bc1935cc0aafe2a78128162522f37eBay Magento suffered from a persistent mail encoding vulnerability.
1f7e3c4c0d1e24a790c770bc054c59941b6b14c695d15033a678f7bdd0ccdf23Magento versions 1.9.x suffer from a man-in-the-middle vulnerability.
1a8ec89508ab76d3e1690d5c566a439a7120f88d7945d716564e509ba86b8747Ebay Magento suffered from multiple cross site request forgery vulnerabilities.
9100b8e6174a98fe814cca49771a623e8ed97ea3ca97aba563a8cdfb93846e04Ebay Magento Commerce suffered from a cross site scripting vulnerability.
d053d31a2e30a77f10b17da4ec3786d918f2e3f72ec4c69bda9bb8bedc20b230eBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.
08393363d6670e33368d62daac52944168d2958ae3fd00c5baedaa4999a731b3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed