Lucene search
K

85 matches found

Prion
Prion
added 2012/11/04 10:55 p.m.17 views

Design/Logic Flaw

The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS7AI score0.0057EPSS
Exploits1References2
Prion
Prion
added 2012/11/04 10:55 p.m.19 views

Code injection

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS7AI score0.00566EPSS
Exploits1References1
Prion
Prion
added 2012/11/04 10:55 p.m.17 views

Code injection

The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS7AI score0.0057EPSS
Exploits1References2
CVE
CVE
added 2012/11/04 10:0 p.m.44 views

CVE-2012-5793

The CVE-2012-5793 entry concerns the Authorize.Net module in osCommerce. The vulnerability arises because TLS hostname verification is not performed against the server certificate’s CN/subjectAltName, allowing a MITM attacker to spoof SSL servers using an arbitrary valid certificate. Affected com...

5.8CVSS6.7AI score0.0057EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2012/11/04 10:0 p.m.19 views

CVE-2012-5807

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

6.5AI score0.00566EPSS
Exploits1References1
Cvelist
Cvelist
added 2012/11/04 10:0 p.m.19 views

CVE-2012-5793

The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

6.5AI score0.0057EPSS
Exploits1References2
CVE
CVE
added 2012/11/04 10:0 p.m.49 views

CVE-2012-5803

The CVE-2012-5803 entry concerns the Authorize.Net module in Ubercart failing to verify that the server hostname matches a domain in the certificate’s CN or subjectAltName. This misconfiguration enables man-in-the-middle attackers to spoof SSL servers using arbitrary valid certificates. The descr...

5.8CVSS6.7AI score0.0057EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2012/11/04 10:0 p.m.22 views

CVE-2012-5803

The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

6.5AI score0.0057EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2010/06/23 12:0 a.m.56 views

PHP E-Mall SQL Injection / Cross Site Scripting

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : Inj3ct0r.com 0 1 + Support e-mail :...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2010/06/06 12:0 a.m.28 views

iScripts eSwap 2.0 - SQL Injection Cross-Site Scripting

iScripts eSwap 2.0 - SQL Injection Cross-Site Scripting Title:iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects Published: 2010-06-05 price:$99.95 email:[email protected] vendor: iScripts url : http://www.iscripts.com/eswap/ google dork : Powered by iScripts eSwap. ooooo .ooooo...

0.7AI score
Exploits0
0day.today
0day.today
added 2010/06/06 12:0 a.m.31 views

iScripts eSwap v2.0 XSS / SQL Injection Vulnerability

Exploit for php platform in category web applications ===================================================== iScripts eSwap v2.0 XSS / SQL Injection Vulnerability ===================================================== Title:iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/06/06 12:0 a.m.49 views

iScripts eSwap 2.0 - SQL Injection / Cross-Site Scripting

Title:iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects Published: 2010-06-05 price:$99.95 email:[email protected] vendor: iScripts url : http://www.iscripts.com/eswap/ google dork : Powered by iScripts eSwap. ooooo .oooooo. oooooo oooooo oooo 888' d8P' Y8b 888. 888. .8' 888 88...

7AI score
Exploits0
seebug.org
seebug.org
added 2009/06/05 12:0 a.m.17 views

Host Directory PRO 2.1.0 Remote Change Admin Password Exploit

No description provided by source. titlechange password Host Directory PRO 2.1.0 /title body bgcolor="000000" trtd class="setting" form name="config" action="http://demo-host-directory-pro.phphostdirectoryscript.com/admin/config" method="post" h4Configuration/h4 table tr tdfont color="FFFFFF"Web...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2009/06/04 12:0 a.m.12 views

Host Directory PRO 2.1.0 - Remote Change Admin Password

Host Directory PRO 2.1.0 - Remote Change Admin Password change password Host Directory PRO 2.1.0 Configuration Web Interface Password Admin Email Receive Authorize.Net On Off Authorize login Authorize transactionKey /fo...

0.3AI score
Exploits0
0day.today
0day.today
added 2009/05/29 12:0 a.m.51 views

AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ========================================================== AMember 3.1.7 XSS/SQL/HI Multiple Remote Vulnerabilities ========================================================== AMember - Multiple Vulnerabilities Version Affected: 3.1.7...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2009/05/29 12:0 a.m.28 views

amember 3.1.7 - Cross-Site Scripting SQL Injection HTML Injection

amember 3.1.7 - Cross-Site Scripting SQL Injection HTML Injection AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow...

Exploits0
seebug.org
seebug.org
added 2009/05/29 12:0 a.m.48 views

AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities

No description provided by source. AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems,...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2009/05/25 12:0 a.m.194 views

[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities

AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and...

6.9AI score
Exploits0
xssed
xssed
added 2008/01/05 12:0 a.m.18 views

Unfixed XSS vulnerability at www.authorize.net

Security researcher C1c4Tr1Z, has submitted on 01/05/2008 a cross-site-scripting XSS vulnerability affecting www.authorize.net, which at the time of submission ranked 6760 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/06/2008. It is...

6.6AI score
Exploits0References1
Cvelist
Cvelist
added 2007/10/06 9:0 p.m.21 views

CVE-2004-2695

SQL injection vulnerability in the Authorize.net callback code subscriptions/authorize.php in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the xinvoicenum parameter. NOTE: this issue might be related to CVE-2006-4267...

8.1AI score0.01913EPSS
Exploits0References6
Rows per page
Query Builder