85 matches found
Design/Logic Flaw
The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5793
The CVE-2012-5793 entry concerns the Authorize.Net module in osCommerce. The vulnerability arises because TLS hostname verification is not performed against the server certificate’s CN/subjectAltName, allowing a MITM attacker to spoof SSL servers using an arbitrary valid certificate. Affected com...
CVE-2012-5807
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5793
The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5803
The CVE-2012-5803 entry concerns the Authorize.Net module in Ubercart failing to verify that the server hostname matches a domain in the certificate’s CN or subjectAltName. This misconfiguration enables man-in-the-middle attackers to spoof SSL servers using arbitrary valid certificates. The descr...
CVE-2012-5803
The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
PHP E-Mall SQL Injection / Cross Site Scripting
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : Inj3ct0r.com 0 1 + Support e-mail :...
iScripts eSwap 2.0 - SQL Injection Cross-Site Scripting
iScripts eSwap 2.0 - SQL Injection Cross-Site Scripting Title:iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects Published: 2010-06-05 price:$99.95 email:[email protected] vendor: iScripts url : http://www.iscripts.com/eswap/ google dork : Powered by iScripts eSwap. ooooo .ooooo...
iScripts eSwap v2.0 XSS / SQL Injection Vulnerability
Exploit for php platform in category web applications ===================================================== iScripts eSwap v2.0 XSS / SQL Injection Vulnerability ===================================================== Title:iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects...
iScripts eSwap 2.0 - SQL Injection / Cross-Site Scripting
Title:iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects Published: 2010-06-05 price:$99.95 email:[email protected] vendor: iScripts url : http://www.iscripts.com/eswap/ google dork : Powered by iScripts eSwap. ooooo .oooooo. oooooo oooooo oooo 888' d8P' Y8b 888. 888. .8' 888 88...
Host Directory PRO 2.1.0 Remote Change Admin Password Exploit
No description provided by source. titlechange password Host Directory PRO 2.1.0 /title body bgcolor="000000" trtd class="setting" form name="config" action="http://demo-host-directory-pro.phphostdirectoryscript.com/admin/config" method="post" h4Configuration/h4 table tr tdfont color="FFFFFF"Web...
Host Directory PRO 2.1.0 - Remote Change Admin Password
Host Directory PRO 2.1.0 - Remote Change Admin Password change password Host Directory PRO 2.1.0 Configuration Web Interface Password Admin Email Receive Authorize.Net On Off Authorize login Authorize transactionKey /fo...
AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ========================================================== AMember 3.1.7 XSS/SQL/HI Multiple Remote Vulnerabilities ========================================================== AMember - Multiple Vulnerabilities Version Affected: 3.1.7...
amember 3.1.7 - Cross-Site Scripting SQL Injection HTML Injection
amember 3.1.7 - Cross-Site Scripting SQL Injection HTML Injection AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow...
AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities
No description provided by source. AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems,...
[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities
AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and...
Unfixed XSS vulnerability at www.authorize.net
Security researcher C1c4Tr1Z, has submitted on 01/05/2008 a cross-site-scripting XSS vulnerability affecting www.authorize.net, which at the time of submission ranked 6760 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/06/2008. It is...
CVE-2004-2695
SQL injection vulnerability in the Authorize.net callback code subscriptions/authorize.php in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the xinvoicenum parameter. NOTE: this issue might be related to CVE-2006-4267...