DATE | CVE | VULNERABILITY TITLE | RISK

2012-11-04 | CVE-2012-5794 | Improper Input Validation vulnerability in multiple products | 5.8
The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

2012-11-04 | CVE-2012-5793 | Improper Input Validation vulnerability in multiple products | 5.8
The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

2012-11-04 | CVE-2012-5792 | Improper Input Validation vulnerability in multiple products | 5.8
The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

2012-01-26 | CVE-2012-0312 | Cross-Site Scripting vulnerability in Oscommerce Online Merchant and Oscommerce | 4.3
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, oscommerce CWE-79

2012-01-26 | CVE-2012-0311 | Cross-Site Scripting vulnerability in Oscommerce | 4.3
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, oscommerce CWE-79

2011-12-05 | CVE-2011-4543 | Path Traversal vulnerability in Oscommerce 3.0.2 | 7.5
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a ..
network, low complexity, oscommerce CWE-22

2011-09-24 | CVE-2011-3767 | Information Exposure vulnerability in Oscommerce 3.0A5 | 5.0
osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php.
network, low complexity, oscommerce CWE-200

2009-06-12 | CVE-2009-2039 | Remote Security vulnerability in Oscommerce Luottokunta 1.3 | critical 10.0
Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders.
network, low complexity, oscommerce

2009-06-12 | CVE-2009-2038 | Unspecified vulnerability in Oscommerce Finnish Bank Payment | critical 10.0
Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges.
network, low complexity, oscommerce

2009-02-03 | CVE-2009-0408 | Cross-Site Request Forgery (CSRF) vulnerability in Oscommerce 2.2 | 6.0
Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote attackers to hijack the authentication of administrators.