4 matches found
CVE-2013-0118
CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self...
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004 OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following: Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain...
CVE-2013-0118
CVE-2013-0118 affects CS-Cart prior to 3.0.6 where PayPal Standard Payments is configured. The vulnerability allows a remote attacker to change the payment recipient by sending a modified merchant email address, effectively setting the recipient to themselves. The NVD lists a base score of 5.0 (M...
CS-Cart v3.0.4 configured with PayPal Standard Payments design vulnerability
Overview CS-Cart v3.0.4 and possibly other versions configured with PayPal Standard Payment is susceptible to a client-side attack that results in an attacker purchasing items without having to pay for them. Description It has been reported that CS-Cart v3.0.4 configured with PayPal Standard...