CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18572
https://notcve.org/view.php?id=CVE-2018-18572
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI. osCommerce 2.3.4.1 tiene un '.htaccess' incompleto para el filtrado de listas negras en la página "producto". • https://github.com/osCommerce/oscommerce2/issues/631 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2965
https://notcve.org/view.php?id=CVE-2015-2965
Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en osCommerce Japanese 2.2ms1j-R8 y anteriores permite a administradores remotos autenticados leer ficheros arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN96312698/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000091 http://www.bitscope.co.jp/tep/news.html http://www.securityfocus.com/bid/75472 http://www.securitytracker.com/id/1032736 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5796
https://notcve.org/view.php?id=CVE-2012-5796
The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El módulo PayPal Pro en osCommerce no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido de su elección. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/79955 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5793
https://notcve.org/view.php?id=CVE-2012-5793
The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El módulo Authorize.Net en osCommerce no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido de su elección. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/79978 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5795
https://notcve.org/view.php?id=CVE-2012-5795
The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El módulo PayPal Express en osCommerce no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido de su elección. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/79956 • CWE-20: Improper Input Validation •