Oscommerce

Oscommerce

78 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2015-2965

  • EPSS 0.37%
  • Published 28.06.2015 19:59:04
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.

5.8

CVE-2012-5792

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers ...

5.8

CVE-2012-5793

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers vi...

5.8

CVE-2012-5794

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

5.8

CVE-2012-5795

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers v...

5.8

CVE-2012-5797

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL serve...

5.8

CVE-2012-5798

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL se...

5.8

CVE-2012-5796

Exploit
  • EPSS 0.13%
  • Published 04.11.2012 22:55:03
  • Last modified 11.04.2025 00:51:21

The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a...

4.3

CVE-2012-0312

  • EPSS 0.25%
  • Published 26.01.2012 15:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2012-0311

  • EPSS 0.25%
  • Published 26.01.2012 15:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.