Vulnerabilities > Ebay
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-06 | CVE-2023-26107 | Code Injection vulnerability in Ebay Sketchsvg All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string. | 7.8 |
| 2010-11-09 | CVE-2010-4211 | Improper Authentication vulnerability in Ebay Paypal The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | 2.9 |
| 2009-06-09 | CVE-2008-2475 | OS Command Injection vulnerability in Ebay Enhanced Picture Uploader Activex Control eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property. | 9.3 |
| 2006-07-08 | CVE-2006-1176 | Remote Buffer Overflow vulnerability in EBay Enhanced Picture Service ActiveX Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document. | 7.5 |