#ibm

The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The @Retail shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields.

The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.

Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.

Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.