CVEs from 2012
Total
5,222
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.4%
% with KEV
0.4%
% with exploit
0.5%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2012-5382 | medium | — | 6.0 | 14y ago | Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan … | |
| CVE-2012-5381 | medium | — | 6.0 | 14y ago | Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL i… | |
| CVE-2012-5378 | medium | — | 6.0 | 14y ago | Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL … | |
| CVE-2012-5377 | medium | — | 6.0 | 14y ago | Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan hors… | |
| CVE-2012-5350 | medium | — | 6.0 | 14y ago | SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in … | |
| CVE-2012-0987 | medium | — | 6.0 | 14y ago | Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files vi… | |
| CVE-2012-1576 | medium | — | 6.0 | 14y ago | The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which… | |
| CVE-2012-4450 | medium | — | 6.0 | 14y ago | 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restriction… | |
| CVE-2012-1626 | medium | — | 6.0 | 14y ago | SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to exec… | |
| CVE-2012-1625 | medium | — | 6.0 | 14y ago | Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authent… | |
| CVE-2012-1638 | medium | — | 6.0 | 14y ago | SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL comman… | |
| CVE-2012-3572 | medium | — | 6.0 | 14y ago | Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP … | |
| CVE-2012-2981 | medium | — | 6.0 | 14y ago | Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter. | |
| CVE-2012-4404 | medium | — | 6.0 | 14y ago | security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users … | |
| CVE-2012-1468 | medium | — | 6.0 | 14y ago | Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executa… | |
| CVE-2012-4737 | medium | — | 6.0 | 14y ago | channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiu… | |
| CVE-2012-3325 | medium | — | 6.0 | 14y ago | IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly … | |
| CVE-2012-1650 | medium | — | 6.0 | 14y ago | The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated … | |
| CVE-2012-1641 | medium | — | 6.0 | 14y ago | The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission … | |
| CVE-2012-2073 | medium | — | 6.0 | 14y ago | The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permis… | |
| CVE-2012-4269 | medium | — | 6.0 | 14y ago | Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message. | |
| CVE-2012-3347 | medium | — | 6.0 | 14y ago | AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /j… | |
| CVE-2012-1826 | medium | — | 6.0 | 14y ago | dotCMS allows remote authenticated users to execute arbitrary Java code | |
| CVE-2012-2902 | medium | — | 6.0 | 14y ago | Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows rem… | |
| CVE-2012-0733 | medium | — | 6.0 | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a sessio… | |
| CVE-2012-0730 | medium | — | 6.0 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requ… | |
| CVE-2012-0729 | medium | — | 6.0 | 14y ago | Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and… | |
| CVE-2012-1843 | medium | — | 6.0 | 14y ago | Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library… | |
| CVE-2012-1235 | medium | — | 6.0 | 15y ago | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: t… | |
| CVE-2012-0235 | medium | — | 6.0 | 15y ago | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |
| CVE-2012-0994 | medium | — | 6.0 | 15y ago | SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList para… | |
| CVE-2012-1058 | medium | — | 6.0 | 15y ago | Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to … | |
| CVE-2012-1057 | medium | — | 6.0 | 15y ago | Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers … | |
| CVE-2012-0829 | medium | — | 6.0 | 15y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site sc… | |
| CVE-2012-1031 | medium | — | 6.0 | 15y ago | Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit M… | |
| CVE-2012-6702 | medium | 5.9 | 5.9 | 10y ago | Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors in… | |
| CVE-2012-5821 | medium | 5.9 | 5.9 | 14y ago | Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to … | |
| CVE-2012-5810 | medium | 5.9 | 5.9 | 14y ago | The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whi… | |
| CVE-2012-3446 | medium | 5.9 | 5.9 | 14y ago | Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o… | |
| CVE-2012-3552 | medium | 5.9 | 5.9 | 14y ago | Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an applicatio… | |
| CVE-2012-2993 | medium | 5.9 | 5.9 | 14y ago | Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) … | |
| CVE-2012-1683 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd. | |
| CVE-2012-5583 | medium | — | 5.8 | 12y ago | phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle a… | |
| CVE-2012-5662 | medium | — | 5.8 | 12y ago | x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |
| CVE-2012-1100 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login … | |
| CVE-2012-0062 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. | |
| CVE-2012-0052 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered… | |
| CVE-2012-4115 | medium | — | 5.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing… | |
| CVE-2012-4117 | medium | — | 5.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic … | |
| CVE-2012-4114 | medium | — | 5.8 | 13y ago | The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network o… | |
| CVE-2012-4092 | medium | — | 5.8 | 13y ago | The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attacker… | |
| CVE-2012-5338 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin acti… | |
| CVE-2012-4074 | medium | — | 5.8 | 13y ago | The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obt… | |
| CVE-2012-4073 | medium | — | 5.8 | 13y ago | The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or mod… | |
| CVE-2012-6087 | medium | — | 5.8 | 13y ago | repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name i… | |
| CVE-2012-6606 | medium | — | 5.8 | 13y ago | Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensiti… | |
| CVE-2012-6399 | medium | — | 5.8 | 13y ago | Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl… | |
| CVE-2012-5633 | medium | — | 5.8 | 13y ago | Improper Authentication in Apache CXF | |
| CVE-2012-5770 | medium | — | 5.8 | 13y ago | The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spo… | |
| CVE-2012-4842 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vec… | |
| CVE-2012-6073 | medium | — | 5.8 | 13y ago | Jenkins affected by Open Redirect Vulnerability | |
| CVE-2012-5647 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks… | |
| CVE-2012-3370 | medium | — | 5.8 | 14y ago | The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 re… | |
| CVE-2012-0703 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites … | |
| CVE-2012-6101 | medium | — | 5.8 | 14y ago | Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing at… | |
| CVE-2012-0435 | medium | — | 5.8 | 14y ago | SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. | |
| CVE-2012-6085 | medium | — | 5.8 | 14y ago | The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial o… | |
| CVE-2012-4918 | medium | — | 5.8 | 14y ago | Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack. | |
| CVE-2012-6499 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing … | |
| CVE-2012-5769 | medium | — | 5.8 | 14y ago | IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (C… | |
| CVE-2012-0741 | medium | — | 5.8 | 14y ago | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-mid… | |
| CVE-2012-0738 | medium | — | 5.8 | 14y ago | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL serv… | |
| CVE-2012-3482 | medium | — | 5.8 | 14y ago | Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NT… | |
| CVE-2012-2549 | medium | — | 5.8 | 14y ago | The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked ce… | |
| CVE-2012-4982 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL i… | |
| CVE-2012-4510 | medium | — | 5.8 | 14y ago | cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS … | |
| CVE-2012-5825 | medium | — | 5.8 | 14y ago | Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to s… | |
| CVE-2012-5824 | medium | — | 5.8 | 14y ago | Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle att… | |
| CVE-2012-5823 | medium | — | 5.8 | 14y ago | Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |
| CVE-2012-5820 | medium | — | 5.8 | 14y ago | The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, wh… | |
| CVE-2012-5818 | medium | — | 5.8 | 14y ago | ElephantDrive does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacke… | |
| CVE-2012-5816 | medium | — | 5.8 | 14y ago | AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man… | |
| CVE-2012-5815 | medium | — | 5.8 | 14y ago | The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-… | |
| CVE-2012-5814 | medium | — | 5.8 | 14y ago | Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certif… | |
| CVE-2012-5813 | medium | — | 5.8 | 14y ago | The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows … | |
| CVE-2012-5812 | medium | — | 5.8 | 14y ago | The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the… | |
| CVE-2012-5811 | medium | — | 5.8 | 14y ago | The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-… | |
| CVE-2012-5809 | medium | — | 5.8 | 14y ago | The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whic… | |
| CVE-2012-5808 | medium | — | 5.8 | 14y ago | The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in… | |
| CVE-2012-5807 | medium | — | 5.8 | 14y ago | The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al… | |
| CVE-2012-5806 | medium | — | 5.8 | 14y ago | The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which all… | |
| CVE-2012-5805 | medium | — | 5.8 | 14y ago | The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allow… | |
| CVE-2012-5804 | medium | — | 5.8 | 14y ago | The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-… | |
| CVE-2012-5803 | medium | — | 5.8 | 14y ago | The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows ma… | |
| CVE-2012-5802 | medium | — | 5.8 | 14y ago | The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-th… | |
| CVE-2012-5801 | medium | — | 5.8 | 14y ago | The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-… | |
| CVE-2012-5800 | medium | — | 5.8 | 14y ago | The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-th… | |
| CVE-2012-5799 | medium | — | 5.8 | 14y ago | The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate… | |
| CVE-2012-5798 | medium | — | 5.8 | 14y ago | The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which… | |
| CVE-2012-5797 | medium | — | 5.8 | 14y ago | The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al… |