Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zen vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2012-5806
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary ...
Zen-cart Zen Cart -
Paypal Payments Pro -
2.6
CVSSv2
CVE-2012-2710
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x prior to 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote malicious users to inject arbitrary web script or HTML via the content title in a bread...
John Albin Zen 6.x-1.0
John Albin Zen 6.x-1.0beta1
John Albin Zen 6.x-1.x
5
CVSSv2
CVE-2007-3146
Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database containing a password via a direct request for ZenHelpDesk.mdb.
Zen Help Desk Software Zen Help Desk 2.1
5.8
CVSSv2
CVE-2012-5805
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary va...
Zen-cart Zen Cart -
Paypal Instant Payment Notification -
5.8
CVSSv2
CVE-2012-5807
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary...
Zen-cart Zen Cart -
Lincolnloop Authorize.net Echeck Module -
5
CVSSv2
CVE-2017-6104
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.
Zen Mobile App Native Project Zen Mobile App Native
1 EDB exploit
NA
CVE-2023-1089
The Coupon Zen WordPress plugin prior to 1.0.6 does not have CSRF check when activating plugins, which could allow malicious users to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Hasthemes Coupon Zen
6.8
CVSSv2
CVE-2010-1053
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and previous versions, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php....
Zentracking Zen Time Tracking
1 EDB exploit
NA
CVE-2022-40756
If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security fil...
Actian Psql
Actian Zen
9
CVSSv2
CVE-2020-11490
Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter.
Zevenet Zen Load Balancer 3.10.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »