RSS   Vulnerabilities for 'Paypal'   RSS

2018-04-27
 
CVE-2013-7202

CWE-264
 

 
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.

 
 
CVE-2013-7201

CWE-295
 

 
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.

 
2012-11-04
 
CVE-2012-5802

 

 
The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

 

 >>> Vendor: Paypal 19 Products
Php toolkit
Ubercart payflow
Website payments standard module
Mass pay
Payments pro
Transactional information soap
Merchant sdk
IPN
Payments standard
Invoicing
Paypal pro
Payflow pro express checkout
Paypal
Instant payment notification
Wps toolkit
Merchant-sdk-php
Php invoice sdk
Php permissions sdk
Adaptive payments sdk


Copyright 2020, cxsecurity.com

 

Back to Top