oscommerce oscommerce vulnerabilities and exploits
578
VMScore
CVE-2018-18573
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /ca...
Oscommerce Oscommerce 2.3.4.1
534
VMScore
CVE-2009-0408
Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote malicious users to hijack the authentication of administrators.
Oscommerce Oscommerce 2.2
516
VMScore
CVE-2012-5792
The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary va...
Oscommerce Oscommerce -
Sagepay Sage Pay Direct Module -
516
VMScore
CVE-2012-5793
The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary vali...
Oscommerce Oscommerce -
Harald Ponce De Leon Authorize.net -
516
VMScore
CVE-2012-5794
The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid...
Moneybookers Moneybookers -
Oscommerce Oscommerce -
516
VMScore
CVE-2012-5795
The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary val...
Akunamachata Paypal Express Module -
Oscommerce Oscommerce -
516
VMScore
CVE-2012-5796
The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid c...
Paypal Paypal Pro -
Oscommerce Oscommerce -
516
VMScore
CVE-2012-5797
The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary...
Brian Burton Paypal Pro Payflow Module -
Oscommerce Oscommerce -
516
VMScore
CVE-2012-5798
The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitr...
Paypal Payflow Pro Express Checkout -
Oscommerce Oscommerce -
515
VMScore
CVE-2006-5190
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote malicious users to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currenci...
Oscommerce Oscommerce 2.2 Ms3
Oscommerce Oscommerce
Oscommerce Oscommerce 2.2 Ms1
Oscommerce Oscommerce 1.11
Oscommerce Oscommerce 2.2 Ms2
Oscommerce Oscommerce 1.5.1
Oscommerce Oscommerce 1.12
Oscommerce Oscommerce 2.2 Cvs
Oscommerce Oscommerce 2.1
Oscommerce Oscommerce 1.1
Oscommerce Oscommerce 1.13
17 EDB exploits