Mollie Payment Forms & Donations Security Vulnerabilities

Decoding OWASP – A Security Engineer’s Roadmap to Application Security

In a time where over 60% of data breaches are linked to software vulnerabilities and a single overlooked software vulnerability can expose sensitive data, the imperative of robust application security cannot be overstated. The 2023 IBM Security Cost of a Data Breach Report highlights that...

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR...

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR...

Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more

A company that helps to authenticate users for big brands had a set of administration credentials exposed online for over a year, potentially allowing access to user identity documents such as driving licenses. As more and more legislation emerges requiring websites and platforms—like gambling...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation....

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR...

FreeBSD : Gitlab -- Vulnerabilities (589de937-343f-11ef-8a7b-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 589de937-343f-11ef-8a7b-001b217b3468 advisory. Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit...

RHEL 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 9 : Red Hat build of MicroShift 4.16.0 (RHSA-2024:0043)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0043 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built...

CVE-2024-31802

DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR...

CVE-2024-36680: SQL Injection Vulnerability in Facebook’s PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud

**SQL Injection Exposure in Promokit.eu Threatens Facebook's PrestaShop Customers ** PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory...

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...

[updated] Federal Reserve “breached” data may actually belong to Evolve Bank

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit's dark web leak site, the group threatened to release over 30 TB of banking information containing Americans'...

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment...

Neiman Marcus confirms breach. Is the customer data already for sale?

Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including.....

From Top Dogs to Unified Pack

Embracing a consolidated security ecosystem Authored by Ralph Wascow Cybersecurity is as unpredictable as it is rewarding. Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber...

Malicious code in Bսnіfu.UI2.Forms (NuGet)

-= Per source details. Do not edit below this...

Malicious code in react-forms-middleware (npm)

-= Per source details. Do not edit below this...

Malicious code in payment-cards (npm)

-= Per source details. Do not edit below this...

FreeBSD : chromium -- multiple security fixes (2b68c86a-32d5-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2b68c86a-32d5-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 5 security fixes: Tenable has extracted the...

Essential Strategies to Secure Your Web Applications and APIs in a Modern Application Development World

In today’s interconnected digital world, the role of web applications and APIs has become central to business operations, acting as gateways to vast amounts of valuable data and services. However, their widespread use and accessibility make them prime targets for cybercriminals, posing substantial....

Change Healthcare confirms the customer data stolen in ransomware attack

For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack. First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led.....

SQL Injection

opencart/opencart is vulnerable to SQL Injection. The vulnerability is due to insufficient validation in the Divido payment extension, allowing an anonymous unauthenticated user to exploit SQL injection to gain unauthorized access to the backend...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-646)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-646 advisory. The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file...

Amazon Linux 2 : golang (ALAS-2024-2576)

The version of golang installed on the remote host is prior to 1.22.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2576 advisory. The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip...

FreeBSD : emacs -- Arbitrary shell code evaluation vulnerability (4f6c4c07-3179-11ef-9da5-1c697a616631)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4f6c4c07-3179-11ef-9da5-1c697a616631 advisory. GNU Emacs developers report: Emacs 29.4 is an emergency bugfix release intended to fix a security...

Exploit for SQL Injection in Opencart

CVE-2024-21514 PoC and Bulk Scanner...

Malicious code in openstad-component-forms (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ce99b034a6f67b0bd613755012e00352d254a5b438c7d65a687a2e2e2458cd7e) The OpenSSF Package Analysis project identified 'openstad-component-forms' @ 1.0.0 (npm) as malicious. It is considered malicious because: The...

SQL injection in opencart

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have.....

SQL injection in opencart

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have.....

CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have.....

CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have.....

CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have.....

CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have.....

CVE-2024-5346

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user...

CVE-2024-5346

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user...

CVE-2024-5346 Flatsome | Multi-Purpose Responsive WooCommerce Theme <= 3.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user...

FreeBSD : traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability (82830965-3073-11ef-a17d-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 82830965-3073-11ef-a17d-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Azure Identity Libraries...

First million breached Ticketmaster records released for free

The cybercriminal acting under the name "Sp1d3r" gave away the first 1 million records that are part of the data set that they claimed to have stolen from Ticketmaster/Live Nation. The files were released without a price, for free. When Malwarebytes Labs first learned about this data breach, it...

CVE-2022-45803

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...

CVE-2022-45803

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...

CVE-2022-45803 WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...

CVE-2022-45803 WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...

Insecure Deserialization

typo3/cms is vulnerable to Insecure Deserialization. The vulnerability is due to the execution of source code from Phar files when they are invoked. Due to missing sanitization of user input, attackers can upload obfuscated Phar files ("bundle.txt") and manipulate URLs in TYPO3 backend forms to...

PCI DSS 4.0.1: New Clarifications on Client-Side Security – What You Need to Know

As a leading provider of web application and API security solutions, Imperva is committed to helping merchants, payment processors, and anyone seeking to comply with the latest PCI DSS requirements. We previously discussed the changes introduced in PCI DSS 4.0. This blog will cover the...

FreeBSD : chromium -- multiple security fixes (007e7e77-2f06-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 007e7e77-2f06-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 6 security fixes: Tenable has extracted the...

FreeBSD : openvpn -- two security fixes (142c538e-b18f-40a1-afac-c479effadd5c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 142c538e-b18f-40a1-afac-c479effadd5c advisory. Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs (three on Windows):...

FreeBSD : qt5-webengine -- Multiple vulnerabilities (aa2b65e4-2f63-11ef-9cab-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the aa2b65e4-2f63-11ef-9cab-4ccc6adda413 advisory. Backports for 5 security bugs in Chromium: Tenable has extracted the preceding description...

FreeBSD : qt6-webengine -- Multiple vulnerabilities (c5415838-2f52-11ef-9cab-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c5415838-2f52-11ef-9cab-4ccc6adda413 advisory. Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: Tenable has...