Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ubercart ubercart - vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2012-2058
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote malicious users to forge payments via unspecified vectors.
Paypal Ubercart Payflow -
668
VMScore
CVE-2015-5504
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Novalnet Novalnet Payment Module Ubercart-
383
VMScore
CVE-2008-1916
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x prior to 5.x-1.0-rc1 module for Drupal allow remote malicious users to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on ...
Drupal Ubercart Module 5-1.0
605
VMScore
CVE-2012-2057
Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors related to formAPI.
Miura Ubercart Bulk Stock Updater -
445
VMScore
CVE-2012-2702
The Ubercart Product Keys module 6.x-1.x prior to 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote malicious users to read all unassigned product keys via certain conditions related to the uid.
Tony Freixas Ubercart Product Keys 6.x-1.0
231
VMScore
CVE-2012-2731
The Ubercart AJAX Cart 6.x-2.x prior to 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote malicious users to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
Richardo Ante Ubercart Ajax Cart 6.x-2.0
445
VMScore
CVE-2012-4482
The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote malicious users to purchase an item without paying via unspecified vectors.
Longwaveconsulting Ubercart Securetrading Payment Method Module 6.x-1.0
312
VMScore
CVE-2007-5621
Multiple cross-site scripting (XSS) vulnerabilities in the Token module prior to 4.7.x-1.5, and 5.x prior to 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote auth...
Drupal Invite Module
Drupal Token Module
Drupal Drupal 5.2
Drupal Paypal Node Module
Drupal Node Relativity Module
Drupal Ubercart Module
Drupal Drupal 5.0
Drupal Pathauto Module
Drupal Drupal 4.7
Drupal E-commerce Module
Drupal Drupal 5.1
Drupal Asin Field Module
Drupal Fullname Field For Cck
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3