WordPress Bitcoin Payments – Blockonomics Security Vulnerabilities

vulnerlab

7.1AI Score

2013-01-23 12:00 AM
35
vulnerlab

-0.2AI Score

2013-01-23 12:00 AM
8
vulnerlab

7.1AI Score

2013-01-23 12:00 AM
35
vulnerlab

7.1AI Score

2013-01-22 12:00 AM
58
packetstorm

0.1AI Score

2013-01-22 12:00 AM
59
vulnerlab

0.3AI Score

2013-01-22 12:00 AM
8
packetstorm

-1AI Score

2013-01-13 12:00 AM
16
drupal

SA-CONTRIB-2013-002 - Payment - Access Bypass

Payment enables other modules to make payments using a variety of payment processing services. The module incorrectly grants access when checking if a user can view payments, allowing a user to access the payments of other users. CVE identifier(s) issued CVE-2013-0182 Versions affected ...

6.7AI Score

0.002EPSS

2013-01-09 12:00 AM
3
threatpost

How to Fail at Corporate Fraud

Working with forensics experts from the FBI, Ernst & Young’s Fraud Investigation and Dispute Services Practice developed a piece of linguistic, fraud-monitoring software that identified language commonly used among employees engaged in corporate malfeasance. The accounting giant plans to offer...

1.3AI Score

2013-01-08 06:41 PM
8
ciscothreats

Threat Outbreak Alert: Fake Product Order Email Messages on February 26, 2014

Medium Alert ID: 27710 First Published: 2012 December 21 18:20 GMT Last Updated: 2014 February 27 13:02 GMT Version: 79 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a product order quote for the recipient. The text in the email...

0.6AI Score

2012-12-21 06:20 PM
22
packetstorm

0.7AI Score

2012-12-20 12:00 AM
44
packetstorm

0.1AI Score

2012-12-14 12:00 AM
41
packetstorm

-0.2AI Score

2012-12-14 12:00 AM
43
threatpost

SMS Extortion Trojan Targeting Apple Machines

In yet another blow to the tenuous false sense of security among Apple users, the Russian antivirus firm Dr. Web has uncovered what it claims is a first-of-its-kind fake installer Trojan targeting Mac machines and extorting their users with SMS fraud. Trojan.SMSSend.3666 is the Mac variant within.....

1AI Score

2012-12-12 03:50 PM
3
vulnerlab

7.1AI Score

2012-12-12 12:00 AM
34
vulnerlab

-0.1AI Score

2012-12-12 12:00 AM
5
vulnerlab

AI Score

2012-12-12 12:00 AM
10
vulnerlab

7.1AI Score

2012-12-12 12:00 AM
43
threatpost

Tor-Powered Botnet Linked to Malware Coder's AMA on Reddit

In the process of analyzing a seemingly new and fairly small botnet called Skynet, Rapid7 security researchers determined that this was precisely the same network described by its creator in a particularly bold ‘Ask Me Anything’ (AMA) on the social news site Reddit earlier this year. Claudio...

-0.4AI Score

2012-12-11 07:26 PM
8
securityvulns

SimpleInvoices 2011.1 Cross-Site-Scripting (XSS) Vulnerabilities CVE-2012-4932

Overview SimpleInvoices 2011.1 is vulnerable to Cross-site Scripting (XSS). Software Description Simple Invoices is a free, open source, web based invoicing system that you can install on your server/pc or have hosted by one of our services providers. Vulnerability Overview The vulnerabilities POC....

-0.1AI Score

0.001EPSS

2012-12-11 12:00 AM
25
packetstorm

AI Score

0.001EPSS

2012-12-10 12:00 AM
22
threatpost

New Accounting System Hack Could Cause 'Mayhem'

Attacks against massive and proprietary enterprise accounting systems, in particular financial software such as SAP and Oracle, have been few and far between. That changed at this week’s Black Hat Abu Dhabi conference where a pair of researchers presented proof-of-concept code that could change...

0.6AI Score

2012-12-07 03:33 PM
10
threatpost

Twitter Resolves SMS Bug (For Some Users)

UPDATE–A day after an independent security researcher disclosed a vulnerability in SMS-enabled Twitter accounts, the social network giant announced it’s fixed the flaw – at least for some users. Those who use a “long code” and/or cannot use a PIN code remain at risk. The update came Tuesday...

0.7AI Score

2012-12-05 03:13 AM
5
packetstorm

-0.4AI Score

2012-11-30 12:00 AM
42
packetstorm

-0.1AI Score

2012-11-28 12:00 AM
38
packetstorm

0.2AI Score

2012-11-28 12:00 AM
40
packetstorm

-0.5AI Score

2012-11-27 12:00 AM
38
vulnerlab

-0.3AI Score

2012-11-25 12:00 AM
6
vulnerlab

7.1AI Score

2012-11-25 12:00 AM
54
vulnerlab

7.1AI Score

2012-11-24 12:00 AM
38
vulnerlab

-0.4AI Score

2012-11-24 12:00 AM
9
vulnerlab

-0.2AI Score

2012-11-23 12:00 AM
5
vulnerlab

7.1AI Score

2012-11-23 12:00 AM
38
vulnerlab

-0.1AI Score

2012-11-21 12:00 AM
6
vulnerlab

7.1AI Score

2012-11-21 12:00 AM
33
threatpost

Operation High Roller Now Targets Europe's SEPA Network and Large US Bank

The criminals behind Operation High Roller, a complex wire-fraud scheme that has scammed high-end banking customers out of millions, have added a new dimension of automation to their attacks and expanded their efforts beyond Europe and have targeted a major U.S. bank. Researchers at McAfee...

0.8AI Score

2012-11-20 07:29 PM
3
nvd

CVE-2012-5806

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to....

6.4AI Score

0.001EPSS

2012-11-04 10:55 PM
debiancve

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

6.6AI Score

0.002EPSS

2012-11-04 10:55 PM
19
cve

CVE-2012-5784

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or...

6.2AI Score

0.001EPSS

2012-11-04 10:55 PM
165
cve

CVE-2012-5789

PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate,.....

6.8AI Score

0.001EPSS

2012-11-04 10:55 PM
17
debiancve

CVE-2012-5784

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or...

6.4AI Score

0.001EPSS

2012-11-04 10:55 PM
9
nvd

CVE-2012-5790

PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related....

6.6AI Score

0.001EPSS

2012-11-04 10:55 PM
nvd

CVE-2012-5782

Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate,...

6.6AI Score

0.001EPSS

2012-11-04 10:55 PM
cve

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

6.8AI Score

0.002EPSS

2012-11-04 10:55 PM
150
nvd

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

6.3AI Score

0.002EPSS

2012-11-04 10:55 PM
1
nvd

CVE-2012-5784

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or...

8.3AI Score

0.001EPSS

2012-11-04 10:55 PM
nvd

CVE-2012-5789

PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate,.....

6.6AI Score

0.001EPSS

2012-11-04 10:55 PM
cve

CVE-2012-5782

Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate,...

6.8AI Score

0.001EPSS

2012-11-04 10:55 PM
20
cve

CVE-2012-5790

PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related....

6.8AI Score

0.001EPSS

2012-11-04 10:55 PM
14
prion

Input validation

PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate,.....

7.1AI Score

0.001EPSS

2012-11-04 10:55 PM
2
Total number of security vulnerabilities: 6256