Vulmon
paypal ipn - vulnerabilities and exploits
4.3
CVSSv2
CVE-2014-10067
paypal-ipn prior to 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application wh...
Paypal-ipn Project Paypal-ipn
5.8
CVSSv2
CVE-2012-5788
The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, r...
Paypal Ipn -
5
CVSSv2
CVE-2009-0328
ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the database file containing user credentials via a direct request for Database...
Robs-projects Digital Sales Ipn Nil
1 EDB exploit
3.6
CVSSv2
CVE-2006-0202
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/...
Paypal Php Toolkit
5.8
CVSSv2
CVE-2012-5805
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary va...
Zen-cart Zen Cart -
Paypal Instant Payment Notification -
5
CVSSv2
CVE-2018-1081
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and previous unsupported versions. Unauthenticated users can trigger custom messages to admin via the PayPal enrol script. The PayPal IPN callback script should only send error emails to admin aft...
Moodle Moodle
4.3
CVSSv2
CVE-2009-1366
Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) prior to 4.9.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionalit...
Dotnetnuke Dotnetnuke 1.0.6
Dotnetnuke Dotnetnuke 1.0.7
Dotnetnuke Dotnetnuke 4.0
Dotnetnuke Dotnetnuke 3.3.5
Dotnetnuke Dotnetnuke 4.5.5
Dotnetnuke Dotnetnuke 4.6.1
Dotnetnuke Dotnetnuke 4.6.2
Dotnetnuke Dotnetnuke 4.9
Dotnetnuke Dotnetnuke
Dotnetnuke Dotnetnuke 1.0.8
Dotnetnuke Dotnetnuke 1.0.9
Dotnetnuke Dotnetnuke 3.0.7
Dotnetnuke Dotnetnuke 4.6.0
Dotnetnuke Dotnetnuke 4.7.0
Dotnetnuke Dotnetnuke 4.8.0
Dotnetnuke Dotnetnuke 4.9.1
Dotnetnuke Dotnetnuke 2.1.1
Dotnetnuke Dotnetnuke 2.1.2
Dotnetnuke Dotnetnuke 3.0.8
Dotnetnuke Dotnetnuke 3.1.0
Dotnetnuke Dotnetnuke 4.8.1
Dotnetnuke Dotnetnuke 4.8.2