CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

107 matches found

Prion•added 2023/01/08 6:15 p.m.•13 views

Information disclosure

A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The...

5CVSS7.1AI score0.004EPSS

Exploits0References5Affected Software1

Cvelist•added 2023/01/08 5:15 p.m.•15 views

CVE-2016-15015 viafintech Barzahlen Payment Module PHP SDK Webhook.php verify timing discrepancy

2.6CVSS5.3AI score0.004EPSS

Exploits0References5

CVE•added 2023/01/08 5:15 p.m.•53 views

CVE-2016-15015

CVE-2016-15015 affects viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. The vulnerability is in verify (src/Webhook.php) and exposes observable timing discrepancy, enabling potential information disclosure. Exploitation details are not provided beyond timing differences; attack complexity...

5.3CVSS4.6AI score0.004EPSS

Exploits0References5Affected Software1

OSV•added 2022/01/07 12:0 a.m.•27 views

GHSA-RWQQ-P4P9-5WPQ Wechat-php-sdk is affected by a Cross Site Scripting vulnerability.

Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting XSS vulnerability in Wechat.php...

6.1CVSS5.9AI score0.0024EPSS

Exploits1References3

Github Security Blog•added 2022/01/07 12:0 a.m.•32 views

Wechat-php-sdk is affected by a Cross Site Scripting vulnerability.

Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting XSS vulnerability in Wechat.php...

6.1CVSS1.8AI score0.0024EPSS

Exploits1References4Affected Software1

OSV•added 2021/12/17 1:15 p.m.•14 views

CVE-2021-43678

Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting XSS vulnerability in Wechat.php...

6.1CVSS5.8AI score

Exploits0References2

NVD•added 2021/12/17 1:15 p.m.•11 views

CVE-2021-43678

Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting XSS vulnerability in Wechat.php...

6.1CVSS0.0024EPSS

Exploits1References2

Cvelist•added 2021/12/17 12:49 p.m.•12 views

CVE-2021-43678

Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting XSS vulnerability in Wechat.php...

6.1AI score0.0024EPSS

Exploits1References2

CVE•added 2021/12/17 12:49 p.m.•57 views

CVE-2021-43678

CVE-2021-43678 affects the PHP package wechat-php-sdk v1.10.2, with the vulnerability located in the Wechat.php file. Multiple connected advisories describe a Cross Site Scripting (XSS) vulnerability arising from insufficient sanitization, notably in the serve() function cited by Veracode. Exploi...

6.1CVSS5.9AI score0.0024EPSS

Exploits1References2Affected Software1

Veracode•added 2021/10/13 8:29 a.m.•14 views

Insecure Certificate Validation

globalpayments/php-sdk is vulnerable to insecure certificate validation. The vulnerability exists in the sendRequest function in Gateway.php as it does not properly enforce the SSL certificate validations...

5.9CVSS1.9AI score0.00376EPSS

Exploits1References5Affected Software1

Github Security Blog•added 2021/10/12 4:31 p.m.•27 views

Improper Certificate Validation in Heartland & Global Payments PHP SDK

Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations...

5.9CVSS1.1AI score0.00376EPSS

Exploits1References7Affected Software1

OSV•added 2021/10/12 4:31 p.m.•10 views

GHSA-PM77-C4Q7-3FWJ Improper Certificate Validation in Heartland & Global Payments PHP SDK

Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations...

5.9CVSS5.7AI score0.00376EPSS

Exploits1References7

Kitploit•added 2021/05/31 12:30 p.m.•73 views

Bucky - An Automatic S3 Bucket Discovery Tool

Bucky is an automatic tool designed to discover S3 bucket misconfiguration, Bucky consists up of two modules Bucky firefox addon and Bucky backend engine. Bucky addon reads the source code of the webpages and uses Regular ExpressionRegex to match the S3 bucket used as Content Delivery NetworkCDN...

7.3AI score

Exploits0References3

OSV•added 2020/02/14 4:15 p.m.•7 views

CVE-2019-20455

Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations...

5.9CVSS6.9AI score

Exploits0References4

Prion•added 2020/02/14 4:15 p.m.•11 views

Design/Logic Flaw

Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations...

4.3CVSS5.8AI score0.00376EPSS

Exploits1References4Affected Software1

CVE•added 2020/02/14 3:43 p.m.•69 views

CVE-2019-20455

The CVE-2019-20455 entry affects the Heartland & Global Payments PHP SDK (Gateway.php) prior to version 2.0.0, where SSL certificate validation is not enforced. This can allow MITM-style interception of TLS traffic and exposure of sensitive data, as indicated by the CVE details and Red Hat/Veraco...

5.9CVSS5.7AI score0.00376EPSS

Exploits1References4Affected Software1

Cvelist•added 2020/02/14 3:43 p.m.•14 views

CVE-2019-20455

Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations...

5.7AI score0.00376EPSS

Exploits1References4

NVD•added 2019/07/03 5:15 p.m.•8 views

CVE-2017-6216

novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a reflected XSS in the leadscoring.php resulting code execution...

6.1CVSS6.3AI score0.00427EPSS

Exploits1References1