Zen-cart

Zen Cart

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.57%
  • Veröffentlicht 04.11.2012 22:55:04
  • Zuletzt bearbeitet 16.06.2026 23:47:22

The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers ...

Exploit
  • EPSS 0.57%
  • Veröffentlicht 04.11.2012 22:55:04
  • Zuletzt bearbeitet 16.06.2026 23:47:22

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an a...

Exploit
  • EPSS 0.57%
  • Veröffentlicht 04.11.2012 22:55:04
  • Zuletzt bearbeitet 16.06.2026 23:47:22

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL serve...

Exploit
  • EPSS 0.57%
  • Veröffentlicht 04.11.2012 22:55:04
  • Zuletzt bearbeitet 16.06.2026 23:47:22

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL server...

  • EPSS 0.85%
  • Veröffentlicht 27.05.2012 19:55:01
  • Zuletzt bearbeitet 16.06.2026 23:39:28

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db...

Exploit
  • EPSS 1.61%
  • Veröffentlicht 29.11.2011 00:55:01
  • Zuletzt bearbeitet 16.06.2026 23:35:03

Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to i...

Exploit
  • EPSS 1.18%
  • Veröffentlicht 29.11.2011 00:55:01
  • Zuletzt bearbeitet 16.06.2026 23:35:01

Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) ...

  • EPSS 2.58%
  • Veröffentlicht 14.12.2009 23:30:00
  • Zuletzt bearbeitet 16.06.2026 23:13:26

The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and ...

Exploit
  • EPSS 1.32%
  • Veröffentlicht 14.12.2009 23:30:00
  • Zuletzt bearbeitet 16.06.2026 23:13:26

extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

Exploit
  • EPSS 2.47%
  • Veröffentlicht 14.12.2009 23:30:00
  • Zuletzt bearbeitet 16.06.2026 23:13:26

extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.