Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Brian Burton Subscribe
Filtered by product Paypal Pro Payflow Module
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5797 2 Brian Burton, Oscommerce 2 Paypal Pro Payflow Module, Oscommerce 2017-08-28 5.8 MEDIUM N/A
The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.