5 matches found
EUVD-2012-5668
Malware in sbrugna...
CVE-2012-5823
Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...
Linux Distros Unpatched Vulnerability : CVE-2017-7189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - main/streams/xpsocket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen'127.0.0.1:80', 443 as if the address/port were...
Design/Logic Flaw
Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP...
Code injection
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to...