Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or...
9.1 AI Score
0.001 EPSS
PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related....
7.1 AI Score
0.001 EPSS
Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate,...
7.1 AI Score
0.001 EPSS
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...
6.6 AI Score
0.002 EPSS
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to....
6.8 AI Score
0.001 EPSS
PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related....
6.6 AI Score
0.001 EPSS
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...
6.7 AI Score
0.002 EPSS
Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate,...
6.6 AI Score
0.001 EPSS
PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate,.....
6.6 AI Score
0.001 EPSS
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or...
8.3 AI Score
0.001 EPSS
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...
2.9 AI Score
0.004 EPSS
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or...
2.9 AI Score
0.001 EPSS
PG Dating Pro v1.0 CMS - Multiple Web Vulnerabilities
Title: PG Dating Pro v1.0 CMS - Multiple Web Vulnerabilities Date: 2012-10-29 References: http://www.vulnerability-lab.com/get_content.php?id=736 VL-ID: 736 Common Vulnerability Scoring System: 8.5 Introduction: Professional online dating script is a basis for a successful online dating, community....
-0.3 AI Score
7.4 AI Score
0.7 AI Score
ZeroAccess Botnet Cashing in on Click Fraud and Bitcoin Mining
A mid-year switch in communication protocol and distribution strategy is behind a spike in activity from the ZeroAccess botnet, a prolific and malicious ad click fraud network. Researchers at Kindsight Security Lab reported today that ZeroAccess accounts for 29 percent of home network infections...
-0.1 AI Score
TomatoCart with PayPal Express Checkout design flaw vulnerability
Overview TomatoCart 1.1.7 with PayPal Express Checkout, and possibly other versions, contains a design flaw that may allow an attacker to purchase items for free or less than advertised. Description It has been reported that TomatoCart 1.1.7 using the PayPal Express Checkout module in sandbox...
-0.7 AI Score
0.003 EPSS
0.4 AI Score
0.5 AI Score
7.1 AI Score
SSL Vulnerabilities Found in Critical Non-Browser Software Packages
The death knell for SSL is getting louder. Researchers at the University of Texas at Austin and Stanford University have discovered that poorly designed APIs used in SSL implementations are to blame for vulnerabilities in many critical non-browser software packages. Serious security...
0.5 AI Score
Verizon DBIR Analysis: Opportunistic Attacks Crushing Certain Industries
Regardless of the market or industry, the majority of attacks are financially motivated. Even in data-rich environments such as health care, attackers are still after profits and exploit the same weaknesses and transaction processing systems that are vulnerable in other industries such as hotels...
1.7 AI Score
Report: Service Offers Cheap Access to Hacked Servers
An online service that sells fairly cheap access to compromised corporate machines creates a pay-to-play scenario for criminals seeking access to the networks of high-profile organizations, according to a Krebs on Security report. Brian Krebs writes that Dedicatexpress.com currently has access to.....
1.8 AI Score
NeoBill CMS v0.8 Alpha - Multiple Web Vulnerabilities
Title: NeoBill CMS v0.8 Alpha - Multiple Web Vulnerabilities Date: 2012-08-18 References: http://www.vulnerability-lab.com/get_content.php?id=685 VL-ID: 685 Common Vulnerability Scoring System: 3.5 Introduction: NeoBill is a web-based Customer Management and Billing solution designed for web...
-0.2 AI Score
Remote command execution vulnerability in ViArt Shop payments/sips_response.php Vulnerability Type: Remote Command...
1.8 AI Score
Remote command execution vulnerability in ViArt Shop payments/sips_response.php Vulnerability Type: Remote Command...
1.8 AI Score
7.1 AI Score
PG Dating Pro CMS 1.0 Cross Site Scripting / SQL Injection
PG Dating Pro CMS version 1.0 suffers from cross site scripting and remote SQL injection...
7.9 AI Score
1.5 AI Score
7.3 AI Score
ViArt Shop Enterprise 4.1 Arbitrary Command Execution / XSS Vulnerabilities
Exploit for php platform in category web...
7.1 AI Score
ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability
Title: ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability Advisory ID: ZSL-2012-5109 Type: Local/Remote Impact: System Access Risk: (4/5) Release Date: 25.09.2012 Summary Viart Shop is a PHP based e-commerce suite, aiming to provide everything you need to run a successful...
8.1 AI Score
ViArt Shop Enterprise 4.1 - Arbitrary Command Execution
ViArt Shop Enterprise 4.1 - Arbitrary Command...
1.6 AI Score
7.4 AI Score
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's...
6.7 AI Score
0.002 EPSS
9 million PCs infected with ZeroAccess botnet
In recent months, we've seen the rootkit family Win32/Sirefef and Win64/Sirefef (also known as ZeroAccess Botnet) update its command and control protocol and grow to infect more computers while connecting to over one million computers globally. Before, disclosed that it creates its own hidden...
6.8 AI Score
osCommerce v2.3.1 with PayPal website payments standard module v1.0 design vulnerability
Overview osCommerce 2.3.1 and possibly other versions with the PayPal website payments standard module is susceptible to a client-side attack that results in an attacker purchasing items without having to pay for them. Description It has been reported that osCommerce 2.3.1 using the PayPal website....
0.4 AI Score
0.002 EPSS
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified...
6.9 AI Score
0.003 EPSS
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified...
6.7 AI Score
0.003 EPSS
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified...
7.2 AI Score
0.003 EPSS
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified...
6.7 AI Score
0.003 EPSS
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than...
6.3 AI Score
0.001 EPSS
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than...
6.3 AI Score
0.001 EPSS
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than...
6.1 AI Score
0.001 EPSS
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than...
6.6 AI Score
0.001 EPSS
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than...
6.1 AI Score
0.001 EPSS
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than...
6.6 AI Score
0.001 EPSS