MidnightBSD

Advisories for craig_dansie

CVE-2000-0252 MEDIUM

The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
craig_dansie dansie_shopping_cart 3.0.4
CVE-2000-0253 HIGH

The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
craig_dansie dansie_shopping_cart 3.0.4
CVE-2000-0254 MEDIUM

The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
craig_dansie dansie_shopping_cart 3.0.4
CVE-2005-2217 MEDIUM

Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
craig_dansie dansie_shopping_cart *