Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by ubercart
CVE-2014-9026 (GCVE-0-2014-9026)
Vulnerability from cvelistv5 – Published: 2014-11-20 17:00 – Updated: 2024-09-16 16:48
VLAI
Summary
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.drupal.org/node/2336259 | x_refsource_MISC |
| https://www.drupal.org/node/2336109 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2336259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2336109"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the \"view own orders\" permission to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-20T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2336259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2336109"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the \"view own orders\" permission to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2336259",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2336259"
},
{
"name": "https://www.drupal.org/node/2336109",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2336109"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9026",
"datePublished": "2014-11-20T17:00:00.000Z",
"dateReserved": "2014-11-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:48:17.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2301 (GCVE-0-2012-2301)
Vulnerability from cvelistv5 – Published: 2014-11-16 02:00 – Updated: 2024-08-06 19:26
VLAI
Summary
The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/03/2 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1547506 | x_refsource_MISC |
| http://secunia.com/advisories/48935 | third-party-advisoryx_refsource_SECUNIA |
| http://drupal.org/node/1547674 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/05/03/1 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/53251 | vdb-entryx_refsource_BID |
| http://drupal.org/node/1547508 | x_refsource_MISC |
Date Public
2012-04-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1547506"
},
{
"name": "48935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48935"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1547674"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"name": "53251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1547508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the \"administer product classes\" permission to execute arbitrary PHP code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-16T01:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1547506"
},
{
"name": "48935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48935"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1547674"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"name": "53251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1547508"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the \"administer product classes\" permission to execute arbitrary PHP code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "http://drupal.org/node/1547506",
"refsource": "MISC",
"url": "http://drupal.org/node/1547506"
},
{
"name": "48935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48935"
},
{
"name": "http://drupal.org/node/1547674",
"refsource": "MISC",
"url": "http://drupal.org/node/1547674"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"name": "53251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53251"
},
{
"name": "http://drupal.org/node/1547508",
"refsource": "MISC",
"url": "http://drupal.org/node/1547508"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2301",
"datePublished": "2014-11-16T02:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7302 (GCVE-0-2013-7302)
Vulnerability from cvelistv5 – Published: 2014-04-29 14:00 – Updated: 2024-08-06 18:01
VLAI
Summary
Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://drupal.org/node/2158651 | x_refsource_MISC |
| https://drupal.org/node/2158567 | x_refsource_CONFIRM |
| https://drupal.org/node/2158565 | x_refsource_CONFIRM |
Date Public
2013-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2158651"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2158567"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2158565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-29T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2158651"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2158567"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2158565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2158651",
"refsource": "MISC",
"url": "https://drupal.org/node/2158651"
},
{
"name": "https://drupal.org/node/2158567",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2158567"
},
{
"name": "https://drupal.org/node/2158565",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2158565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7302",
"datePublished": "2014-04-29T14:00:00.000Z",
"dateReserved": "2014-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:01:20.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0322 (GCVE-0-2013-0322)
Vulnerability from cvelistv5 – Published: 2013-03-27 21:00 – Updated: 2024-08-06 14:25
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2013/02/21/5 | mailing-listx_refsource_MLIST |
| http://drupalcode.org/project/ubercart.git/commit… | x_refsource_CONFIRM |
| http://secunia.com/advisories/52298 | third-party-advisoryx_refsource_SECUNIA |
| http://drupal.org/node/1922136 | x_refsource_CONFIRM |
| http://drupal.org/node/1922418 | x_refsource_MISC |
Date Public
2013-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:09.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5"
},
{
"name": "52298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1922136"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1922418"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-19T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5"
},
{
"name": "52298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1922136"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1922418"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"name": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5"
},
{
"name": "52298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52298"
},
{
"name": "http://drupal.org/node/1922136",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1922136"
},
{
"name": "http://drupal.org/node/1922418",
"refsource": "MISC",
"url": "http://drupal.org/node/1922418"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0322",
"datePublished": "2013-03-27T21:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:25:09.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5804 (GCVE-0-2012-5804)
Vulnerability from cvelistv5 – Published: 2012-11-04 22:00 – Updated: 2024-08-06 21:14
VLAI
Summary
The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf | x_refsource_MISC |
Date Public
2012-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cybersource-ubercart-ssl-spoofing(79947)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79947"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cybersource-ubercart-ssl-spoofing(79947)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79947"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cybersource-ubercart-ssl-spoofing(79947)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79947"
},
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5804",
"datePublished": "2012-11-04T22:00:00.000Z",
"dateReserved": "2012-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:14:16.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5802 (GCVE-0-2012-5802)
Vulnerability from cvelistv5 – Published: 2012-11-04 22:00 – Updated: 2024-08-06 21:14
VLAI
Summary
The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf | x_refsource_MISC |
Date Public
2012-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "paypal-ubercart-ssl-spoofing(79949)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "paypal-ubercart-ssl-spoofing(79949)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "paypal-ubercart-ssl-spoofing(79949)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
},
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5802",
"datePublished": "2012-11-04T22:00:00.000Z",
"dateReserved": "2012-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:14:16.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5803 (GCVE-0-2012-5803)
Vulnerability from cvelistv5 – Published: 2012-11-04 22:00 – Updated: 2024-08-06 21:14
VLAI
Summary
The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"name": "authorizedotnet-ubercart-ssl-spoofing(79948)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"name": "authorizedotnet-ubercart-ssl-spoofing(79948)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"name": "authorizedotnet-ubercart-ssl-spoofing(79948)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5803",
"datePublished": "2012-11-04T22:00:00.000Z",
"dateReserved": "2012-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:14:16.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2300 (GCVE-0-2012-2300)
Vulnerability from cvelistv5 – Published: 2012-08-14 22:00 – Updated: 2024-09-16 17:03
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/03/2 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/48935 | third-party-advisoryx_refsource_SECUNIA |
| http://drupal.org/node/1547674 | x_refsource_MISC |
| http://drupal.org/node/1547508 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/05/03/1 | mailing-listx_refsource_MLIST |
| http://drupalcode.org/project/ubercart.git/commit… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53251 | vdb-entryx_refsource_BID |
| http://drupalcode.org/project/ubercart.git/commit… | x_refsource_CONFIRM |
| http://drupal.org/node/1547506 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "48935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48935"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1547674"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1547508"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
},
{
"name": "53251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53251"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1547506"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-14T22:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "48935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48935"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1547674"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1547508"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
},
{
"name": "53251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53251"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1547506"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "48935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48935"
},
{
"name": "http://drupal.org/node/1547674",
"refsource": "MISC",
"url": "http://drupal.org/node/1547674"
},
{
"name": "http://drupal.org/node/1547508",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1547508"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"name": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
},
{
"name": "53251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53251"
},
{
"name": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
},
{
"name": "http://drupal.org/node/1547506",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1547506"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2300",
"datePublished": "2012-08-14T22:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:03:37.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2299 (GCVE-0-2012-2299)
Vulnerability from cvelistv5 – Published: 2012-08-14 22:00 – Updated: 2024-09-17 02:01
VLAI
Summary
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/03/2 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/48935 | third-party-advisoryx_refsource_SECUNIA |
| http://drupal.org/node/1547674 | x_refsource_MISC |
| http://drupal.org/node/1547508 | x_refsource_CONFIRM |
| http://drupalcode.org/project/ubercart.git/commit… | x_refsource_CONFIRM |
| http://drupalcode.org/project/ubercart.git/commit… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/05/03/1 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/53251 | vdb-entryx_refsource_BID |
| http://drupal.org/node/1547506 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "48935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48935"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1547674"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1547508"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"name": "53251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53251"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1547506"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-14T22:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "48935",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48935"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1547674"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1547508"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"name": "53251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53251"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1547506"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "48935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48935"
},
{
"name": "http://drupal.org/node/1547674",
"refsource": "MISC",
"url": "http://drupal.org/node/1547674"
},
{
"name": "http://drupal.org/node/1547508",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1547508"
},
{
"name": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb"
},
{
"name": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"name": "53251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53251"
},
{
"name": "http://drupal.org/node/1547506",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1547506"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2299",
"datePublished": "2012-08-14T22:00:00.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:01:08.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4772 (GCVE-0-2009-4772)
Vulnerability from cvelistv5 – Published: 2010-04-20 14:00 – Updated: 2024-08-07 07:17
VLAI
Summary
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/37058 | vdb-entryx_refsource_BID |
| http://drupal.org/node/636576 | x_refsource_CONFIRM |
| http://osvdb.org/60291 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/37440 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37058",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37058"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/636576"
},
{
"name": "60291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60291"
},
{
"name": "37440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37440"
},
{
"name": "ubercart-unspecified-information-disclosure(54345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37058",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37058"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/636576"
},
{
"name": "60291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60291"
},
{
"name": "37440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37440"
},
{
"name": "ubercart-unspecified-information-disclosure(54345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37058"
},
{
"name": "http://drupal.org/node/636576",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/636576"
},
{
"name": "60291",
"refsource": "OSVDB",
"url": "http://osvdb.org/60291"
},
{
"name": "37440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37440"
},
{
"name": "ubercart-unspecified-information-disclosure(54345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4772",
"datePublished": "2010-04-20T14:00:00.000Z",
"dateReserved": "2010-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:17:25.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4771 (GCVE-0-2009-4771)
Vulnerability from cvelistv5 – Published: 2010-04-20 14:00 – Updated: 2024-08-07 07:17
VLAI
Summary
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/37058 | vdb-entryx_refsource_BID |
| http://drupal.org/node/636576 | x_refsource_CONFIRM |
| http://secunia.com/advisories/37440 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/60290 | vdb-entryx_refsource_OSVDB |
Date Public
2009-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ubercart-orders-security-bypass(54346)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54346"
},
{
"name": "37058",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37058"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/636576"
},
{
"name": "37440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37440"
},
{
"name": "60290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified \"duplicate actions\" via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ubercart-orders-security-bypass(54346)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54346"
},
{
"name": "37058",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37058"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/636576"
},
{
"name": "37440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37440"
},
{
"name": "60290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified \"duplicate actions\" via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ubercart-orders-security-bypass(54346)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54346"
},
{
"name": "37058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37058"
},
{
"name": "http://drupal.org/node/636576",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/636576"
},
{
"name": "37440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37440"
},
{
"name": "60290",
"refsource": "OSVDB",
"url": "http://osvdb.org/60290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4771",
"datePublished": "2010-04-20T14:00:00.000Z",
"dateReserved": "2010-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:17:25.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4773 (GCVE-0-2009-4773)
Vulnerability from cvelistv5 – Published: 2010-04-20 14:00 – Updated: 2024-08-07 07:17
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/37058 | vdb-entryx_refsource_BID |
| http://drupal.org/node/636576 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/60292 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/37440 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37058",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37058"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/636576"
},
{
"name": "ubercart-unspecified-csrf(54344)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54344"
},
{
"name": "60292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/60292"
},
{
"name": "37440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37058",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37058"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/636576"
},
{
"name": "ubercart-unspecified-csrf(54344)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54344"
},
{
"name": "60292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/60292"
},
{
"name": "37440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37440"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37058"
},
{
"name": "http://drupal.org/node/636576",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/636576"
},
{
"name": "ubercart-unspecified-csrf(54344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54344"
},
{
"name": "60292",
"refsource": "OSVDB",
"url": "http://osvdb.org/60292"
},
{
"name": "37440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37440"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4773",
"datePublished": "2010-04-20T14:00:00.000Z",
"dateReserved": "2010-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:17:25.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}