Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data.
Max CVSS
7.5
EPSS Score
14.73%
Published
2006-06-05
Updated
2018-10-18
Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.
Max CVSS
7.8
EPSS Score
0.54%
Published
2006-06-05
Updated
2018-10-18
2 vulnerabilities found