Export limit exceeded: 347860 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5806 | 2 Paypal, Zen-cart | 2 Payments Pro, Zen Cart | 2025-04-11 | N/A |
| The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805. | ||||
| CVE-2012-5805 | 2 Paypal, Zen-cart | 2 Instant Payment Notification, Zen Cart | 2025-04-11 | N/A |
| The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806. | ||||
| CVE-2012-5804 | 2 Cybersource Module Project, Ubercart | 2 Cybersource, Ubercart | 2025-04-11 | N/A |
| The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2012-5803 | 2 Irata, Ubercart | 2 Authorize.net Module, Ubercart | 2025-04-11 | N/A |
| The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2011-3952 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | N/A |
| The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file. | ||||
| CVE-2012-5802 | 2 Paypal, Ubercart | 2 Paypal, Ubercart | 2025-04-11 | N/A |
| The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2012-5801 | 1 Prestashop | 2 Ebay, Prestashop | 2025-04-11 | N/A |
| The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | ||||
| CVE-2011-4063 | 1 Asterisk | 1 Open Source | 2025-04-11 | N/A |
| chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request. | ||||
| CVE-2012-5800 | 1 Prestashop | 2 Ebay Module, Prestashop | 2025-04-11 | N/A |
| The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2012-5796 | 2 Oscommerce, Paypal | 2 Oscommerce, Paypal Pro | 2025-04-11 | N/A |
| The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2011-4092 | 1 Ubuntu Developers | 1 Obby | 2025-04-11 | N/A |
| obby (aka libobby) does not verify SSL server certificates, which allows remote attackers to spoof servers via an arbitrary certificate. | ||||
| CVE-2011-4106 | 1 Binarymoon | 1 Timthumb | 2025-04-11 | N/A |
| TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011. | ||||
| CVE-2012-5799 | 2 Prestashop, Presto-changeo | 2 Prestashop, Canadapost | 2025-04-11 | N/A |
| The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | ||||
| CVE-2012-5795 | 2 Akunamachata, Oscommerce | 2 Paypal Express Module, Oscommerce | 2025-04-11 | N/A |
| The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2012-5794 | 2 Moneybookers, Oscommerce | 2 Moneybookers, Oscommerce | 2025-04-11 | N/A |
| The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2011-4129 | 1 Gnome | 1 Libsocialweb | 2025-04-11 | N/A |
| (1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. | ||||
| CVE-2011-4132 | 3 Linux, Redhat, Suse | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-11 | N/A |
| The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value." | ||||
| CVE-2011-4136 | 1 Djangoproject | 1 Django | 2025-04-11 | N/A |
| django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier. | ||||
| CVE-2012-5793 | 2 Harald Ponce De Leon, Oscommerce | 2 Authorize.net, Oscommerce | 2025-04-11 | N/A |
| The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2011-4138 | 1 Djangoproject | 1 Django | 2025-04-11 | N/A |
| The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header. | ||||