6 matches found
CVE-2011-5236
Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure
Commerce Moneris is a payment module that integrates the Moneris payment system with Drupal Commerce. The module stores credit card data in a commerce order object unnecessarily for the purpose of passing the credit card information to the payment gateway. The credit card information is never...
CVE-2011-5236
Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2011-5236
Moneris eSelectPlus 2.03 PHP API is affected by a hostname verification flaw in SSL/TLS: it does not check that the server certificate CN/subjectAltName matches the server hostname, enabling potential man-in-the-middle spoofing with an arbitrary valid certificate. This is documented in CVE-2011-5...
CVE-2011-5236
Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...