Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal paypal - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5791
PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Paypal Invoicing -
7.5
CVSSv3
CVE-2021-41120
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id (/pay-with-paypal/{id}) and therefore it was easy to predict. The problem is that the Cred...
Sylius Paypal
NA
CVE-2010-4211
The PayPal app prior to 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle malicious users to spoof a PayPal web server via an arbitrary certificate.
Ebay Paypal
NA
CVE-2011-5237
PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Paypal Wps Toolkit -
NA
CVE-2005-1362
Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote malicious users to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText,...
Metalinks Metacart2 Paypal
NA
CVE-2006-0201
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote malicious users to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.
Paypal Php Toolkit
NA
CVE-2006-0202
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/...
Paypal Php Toolkit
9.8
CVSSv3
CVE-2023-28843
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote malicious user to gain p...
202-ecommerce Paypal
NA
CVE-2012-5789
PayPal Payments Standard PHP Library prior to 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via a...
Paypal Payments Standard -
9.8
CVSSv3
CVE-2020-14092
The CodePeople Payment Form for PayPal Pro plugin prior to 1.1.65 for WordPress allows SQL Injection.
Ithemes Paypal Pro
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »