Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Zen-cart Subscribe
Filtered by product Zen Cart
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5807 2 Lincolnloop, Zen-cart 2 Authorize.net Echeck Module, Zen Cart 2012-11-05 5.8 MEDIUM N/A
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2012-5806 2 Paypal, Zen-cart 2 Payments Pro, Zen Cart 2012-11-05 5.8 MEDIUM N/A
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805.
CVE-2012-5805 2 Paypal, Zen-cart 2 Instant Payment Notification, Zen Cart 2012-11-05 5.8 MEDIUM N/A
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806.
CVE-2012-5808 2 Firstdata, Zen-cart 2 Linkpoint, Zen Cart 2012-11-05 5.8 MEDIUM N/A
The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2012-1413 1 Zen-cart 1 Zen Cart 2012-05-27 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.
CVE-2009-4323 1 Zen-cart 1 Zen Cart 2009-12-14 7.5 HIGH N/A
The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322.