zen vulnerabilities and exploits
516
VMScore
CVE-2012-5806
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary ...
Zen-cart Zen Cart -
Paypal Payments Pro -
231
VMScore
CVE-2012-2710
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x prior to 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote malicious users to inject arbitrary web script or HTML via the content title in a bread...
John Albin Zen 6.x-1.0
John Albin Zen 6.x-1.0beta1
John Albin Zen 6.x-1.x
516
VMScore
CVE-2012-5805
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary va...
Zen-cart Zen Cart -
Paypal Instant Payment Notification -
516
VMScore
CVE-2012-5807
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary...
Zen-cart Zen Cart -
Lincolnloop Authorize.net Echeck Module -
445
VMScore
CVE-2007-3146
Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database containing a password via a direct request for ZenHelpDesk.mdb.
Zen Help Desk Software Zen Help Desk 2.1
505
VMScore
CVE-2017-6104
Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0.
Zen Mobile App Native Project Zen Mobile App Native
1 EDB exploit
NA
CVE-2023-1089
The Coupon Zen WordPress plugin prior to 1.0.6 does not have a CSRF check when activating plugins, which could allow malicious users to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack.
Hasthemes Coupon Zen
NA
CVE-2022-40756
If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security fil...
Actian Psql
Actian Zen
685
VMScore
CVE-2010-1053
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and previous versions, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php....
Zentracking Zen Time Tracking
1 EDB exploit
801
VMScore
CVE-2020-11490
Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter.
Zevenet Zen Load Balancer 3.10.1