CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Nov 2012 — PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to intentional disabling of certificate-validation checks through a "FALSE" value. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Nov 2012 — The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Nov 2012 — The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. • http://secunia.com/advisories/51184 • CWE-20: Improper Input Validation

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

04 Nov 2012 — The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation

CVSS: 5.8 • EPSS: 0% • CPEs: 29 • EXPL: 1

04 Nov 2012 — Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html • CWE-20: Improper Input Validation

CVSS: 5.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

19 Sep 2012 — The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self. • http://secunia.com/advisories/50640

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

17 Sep 2012 — The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors. • http://drupal.org/node/1482126 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Jan 2006 — Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. • http://secunia.com/advisories/18444

CVSS: 9.1 • EPSS: 1% • CPEs: 1 • EXPL: 0

13 Jan 2006 — Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. • http://secunia.com/advisories/18444