Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-5807 | 2 Lincolnloop, Zen-cart | 2 Authorize.net Echeck Module, Zen Cart | 2012-11-05 | 5.8 MEDIUM | N/A |
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2012-5806 | 2 Paypal, Zen-cart | 2 Payments Pro, Zen Cart | 2012-11-05 | 5.8 MEDIUM | N/A |
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805. | |||||
CVE-2012-5805 | 2 Paypal, Zen-cart | 2 Instant Payment Notification, Zen Cart | 2012-11-05 | 5.8 MEDIUM | N/A |
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806. | |||||
CVE-2012-5808 | 2 Firstdata, Zen-cart | 2 Linkpoint, Zen Cart | 2012-11-05 | 5.8 MEDIUM | N/A |
The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2012-1413 | 1 Zen-cart | 1 Zen Cart | 2012-05-27 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php. | |||||
CVE-2009-4323 | 1 Zen-cart | 1 Zen Cart | 2009-12-14 | 7.5 HIGH | N/A |
The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322. |