← Back

Paypal

paypal

25 CVEs • 21 products

Products (21)

Click to collapse
Toggle
Paypal
paypal
3 CVEs
Php Toolkit
php_toolkit
2 CVEs
Payments Pro
payments_pro
2 CVEs
Payments Standard
payments_standard
2 CVEs
Braintree/sanitize Url
braintree/sanitize-url
2 CVEs
Ubercart Payflow
ubercart_payflow
1 CVE
Website Payments Standard Module
website_payments_standard_module
1 CVE
Mass Pay
mass_pay
1 CVE
Transactional Information Soap
transactional_information_soap
1 CVE
Merchant Sdk
merchant_sdk
1 CVE
Ipn
ipn
1 CVE
Invoicing
invoicing
1 CVE
Paypal Pro
paypal_pro
1 CVE
Payflow Pro Express Checkout
payflow_pro_express_checkout
1 CVE
Instant Payment Notification
instant_payment_notification
1 CVE
Wps Toolkit
wps_toolkit
1 CVE
Merchant Sdk Php
merchant-sdk-php
1 CVE
Php Invoice Sdk
php_invoice_sdk
1 CVE
Php Permissions Sdk
php_permissions_sdk
1 CVE
Adaptive Payments Sdk
adaptive_payments_sdk
1 CVE
Nemo Appium
nemo-appium
1 CVE

CVEs (25)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2012-5784
2Apache
Paypal
5Activemq
AxisMass Pay+2 more
Apr 29, 2026
Nov 4, 2012
N/A· v4
N/A· v3
5.8 MEDIUM· v2
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that th...Show more
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less
CVE-2012-2991
2Oscommerce
Paypal
2Online Merchant
Website Payments Standard Module
Apr 29, 2026
Sep 19, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as...Show more
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.Show less
CVE-2012-2058
1Paypal
1Ubercart Payflow
Apr 29, 2026
Sep 17, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors.
CVE-2006-0202
1Paypal
1Php Toolkit
Apr 16, 2026
Jan 13, 2006
N/A· v4
N/A· v3
3.6 LOW· v2
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information...Show more
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.Show less
CVE-2006-0201
1Paypal
1Php Toolkit
Apr 16, 2026
Jan 13, 2006
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_succe...Show more
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.Show less