CVE-2012-5805
- EPSS 0.57%
- Veröffentlicht 04.11.2012 22:55:04
- Zuletzt bearbeitet 16.06.2026 23:47:22
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers ...
CVE-2012-5808
- EPSS 0.57%
- Veröffentlicht 04.11.2012 22:55:04
- Zuletzt bearbeitet 16.06.2026 23:47:22
The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an a...
CVE-2012-5807
- EPSS 0.57%
- Veröffentlicht 04.11.2012 22:55:04
- Zuletzt bearbeitet 16.06.2026 23:47:22
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL serve...
CVE-2012-5806
- EPSS 0.57%
- Veröffentlicht 04.11.2012 22:55:04
- Zuletzt bearbeitet 16.06.2026 23:47:22
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL server...
CVE-2012-1413
- EPSS 0.85%
- Veröffentlicht 27.05.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:39:28
Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db...
CVE-2011-4567
- EPSS 1.61%
- Veröffentlicht 29.11.2011 00:55:01
- Zuletzt bearbeitet 16.06.2026 23:35:03
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to i...
CVE-2011-4547
- EPSS 1.18%
- Veröffentlicht 29.11.2011 00:55:01
- Zuletzt bearbeitet 16.06.2026 23:35:01
Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) ...
CVE-2009-4323
- EPSS 2.58%
- Veröffentlicht 14.12.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:26
The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and ...
- EPSS 1.32%
- Veröffentlicht 14.12.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:26
extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
- EPSS 2.47%
- Veröffentlicht 14.12.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:26
extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.