32 matches found
EUVD-2012-5678
Malware in sbrugna...
EUVD-2004-1206
Malware in sbrugna...
EUVD-2012-5677
Malware in sbrugna...
EUVD-2012-2064
Malware in sbrugna...
CVE-2012-5798
The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5798
The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5797
The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5797
The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5798
The CVE-2012-5798 entry concerns the PayPal Pro PayFlow EC module in osCommerce failing to verify that the server hostname matches a domain name in the certificate’s CN or SubjectAltName. This omission enables MITM attackers to spoof SSL servers using arbitrary valid certificates. Connected docum...
CVE-2012-5797
The CVE-2012-5797 entry concerns the PayPal Pro PayFlow module in osCommerce, where SSL hostname verification against the certificate’s CN/subjectAltName is not performed. This allows MITM-style spoofing of SSL servers using arbitrary valid certificates, with the reported impact described as part...
CVE-2012-2058
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors...
Code injection
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors...
CVE-2012-2058
The CVE-2012-2058 issue affects the Ubercart Payflow module for Drupal, which does not use a secure token, allowing remote attackers to forge payments via unspecified vectors. No fixes were created for this vulnerability in the referenced advisory, so consider disabling the affected module or rep...
CVE-2012-2058
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors...
SA-CONTRIB-2012-036 - Multiple Modules Unsupported
CVE: CVE-2012-2056 Content Lock Is a module that prevents users from concurrent editing of nodes. This module does not use a token for unlocking a content lock. This leads to a CSRF attack vector. CVE: CVE-2012-2057 Ubercart Bulk Stock Updater is an extension module for Ubercart 2.x running on...
AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ========================================================== AMember 3.1.7 XSS/SQL/HI Multiple Remote Vulnerabilities ========================================================== AMember - Multiple Vulnerabilities Version Affected: 3.1.7...
amember 3.1.7 - Cross-Site Scripting SQL Injection HTML Injection
amember 3.1.7 - Cross-Site Scripting SQL Injection HTML Injection AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow...
AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities
No description provided by source. AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems,...
[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities
AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and...