Skip to main content
CVE-2012-5822 HIGH POC This Week

The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Zamboni
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2012-5819 HIGH POC This Week

FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Filesanywhere
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2012-5817 HIGH POC This Week

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java RCE Ec2 Api Tools Java Library Xfire
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2012-5784 MEDIUM POC This Month

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache Information Disclosure Java Activemq Axis +3
NVD
CVSS 2.0
5.8
EPSS
1.6%
CVE-2012-3446 MEDIUM POC PATCH This Month

Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Information Disclosure Libcloud
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2012-5821 MEDIUM POC This Month

Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Lynx Ubuntu Linux
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2012-5810 MEDIUM POC This Month

The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Google Chase Mobile
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2012-5785 MEDIUM POC PATCH This Month

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Apache Information Disclosure Java Axis2
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2012-5787 MEDIUM POC This Month

The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Merchant Sdk
NVD GitHub
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-5824 MEDIUM POC This Month

Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Trillian
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-5825 MEDIUM POC PATCH This Month

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Python Information Disclosure Tweepy
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5823 MEDIUM POC This Month

Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Opensourceclassifieds
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5818 MEDIUM POC This Month

ElephantDrive does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Elephantdrive
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5816 MEDIUM POC This Month

AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Aim
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5815 MEDIUM POC This Month

The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Apple Rackspace
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5814 MEDIUM POC This Month

Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Gaug Es Weberknecht
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5813 MEDIUM POC This Month

The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Google Android Pusher
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5812 MEDIUM POC This Month

The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Google Acra Library
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5811 MEDIUM POC This Month

The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Google Breezy
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5809 MEDIUM POC This Month

The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Google Groupon Merchants
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5808 MEDIUM POC This Month

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Linkpoint Zen Cart
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5807 MEDIUM POC This Month

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Authorize Net Echeck Module Zen Cart
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5806 MEDIUM POC This Month

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Payments Pro Zen Cart
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5805 MEDIUM POC This Month

The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Instant Payment Notification Zen Cart
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5804 MEDIUM POC This Month

The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Cybersource Ubercart
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5803 MEDIUM POC This Month

The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Authorize Net Module Ubercart
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5802 MEDIUM POC This Month

The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Paypal Ubercart
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5801 MEDIUM POC This Month

The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ebay Prestashop
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5800 MEDIUM POC This Month

The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Ebay Module Prestashop
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5799 MEDIUM POC This Month

The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Prestashop Canadapost
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5798 MEDIUM POC This Month

The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Oscommerce Payflow Pro Express Checkout
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5797 MEDIUM POC This Month

The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Paypal Pro Payflow Module Oscommerce
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5796 MEDIUM POC This Month

The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Oscommerce Paypal Pro
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5795 MEDIUM POC This Month

The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Paypal Express Module Oscommerce
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5794 MEDIUM POC This Month

The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Moneybookers Oscommerce
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5793 MEDIUM POC This Month

The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Authorize Net Oscommerce
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5792 MEDIUM POC This Month

The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Oscommerce Sage Pay Direct Module
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5791 MEDIUM POC This Month

PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Invoicing
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5790 MEDIUM POC This Month

PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Payments Standard
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5789 MEDIUM POC This Month

PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Payments Standard
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5788 MEDIUM POC This Month

The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ipn
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5782 MEDIUM POC This Month

Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Flexible Payments Service
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5781 MEDIUM POC This Month

Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Elastic Information Disclosure Elastic Load Balancing
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5780 MEDIUM POC This Month

The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Merchant Sdk
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5820 MEDIUM POC This Month

The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Google RCE Admob
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-4987 MEDIUM This Month

Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Realplayer
NVD
CVSS 2.0
6.8
EPSS
4.0%
CVE-2012-5783 MEDIUM PATCH This Month

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Apache Information Disclosure Java Httpclient Ubuntu Linux
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2012-5170 MEDIUM This Month

Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Pebble
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2012-5786 MEDIUM This Month

The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apache RCE Cxf
NVD
CVSS 2.0
5.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy