Vulmon
zen vulnerabilities and exploits
NA
CVE-2012-5806
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary ...
Zen-cart Zen Cart -
Paypal Payments Pro -
NA
CVE-2012-2710
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x prior to 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote malicious users to inject arbitrary web script or HTML via the content title in a bread...
John Albin Zen 6.x-1.0
John Albin Zen 6.x-1.0beta1
John Albin Zen 6.x-1.x
NA
CVE-2012-5805
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary va...
Zen-cart Zen Cart -
Paypal Instant Payment Notification -
NA
CVE-2007-3146
Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database containing a password via a direct request for ZenHelpDesk.mdb.
Zen Help Desk Software Zen Help Desk 2.1
NA
CVE-2012-5807
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary...
Zen-cart Zen Cart -
Lincolnloop Authorize.net Echeck Module -
7.5
CVSSv3
CVE-2017-6104
Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0.
Zen Mobile App Native Project Zen Mobile App Native
1 EDB exploit
4.3
CVSSv3
CVE-2023-1089
The Coupon Zen WordPress plugin prior to 1.0.6 does not have a CSRF check when activating plugins, which could allow malicious users to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack.
Hasthemes Coupon Zen
NA
CVE-2010-1053
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and previous versions, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php....
Zentracking Zen Time Tracking
1 EDB exploit
8.8
CVSSv3
CVE-2022-40756
If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security fil...
Actian Psql
Actian Zen
4.9
CVSSv3
CVE-2020-11491
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.
Zevenet Zen Load Balancer 3.10.1