5 matches found
EUVD-2012-5668
Malware in sbrugna...
CVE-2012-5823
Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...
Linux Distros Unpatched Vulnerability : CVE-2017-7189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - main/streams/xpsocket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen'127.0.0.1:80', 443 as if the address/port were...
Code injection
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to...
Design/Logic Flaw
Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...