Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message.
Max CVSS
5.0
EPSS Score
0.91%
Published
2006-04-20
Updated
2018-10-18
Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script.
Max CVSS
4.3
EPSS Score
0.79%
Published
2006-04-11
Updated
2017-07-20
Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie.
Max CVSS
10.0
EPSS Score
6.47%
Published
2002-08-12
Updated
2008-09-05
Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe.
Max CVSS
10.0
EPSS Score
4.82%
Published
2002-07-26
Updated
2008-09-10
Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe.
Max CVSS
10.0
EPSS Score
7.05%
Published
2002-07-26
Updated
2017-07-19
TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.
Max CVSS
5.0
EPSS Score
1.02%
Published
2000-04-12
Updated
2008-09-10
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!