SAS Hotel Management System - notfound SQL Injection
0.2 AI Score
iScripts eSwap 2.0 - SQL Injection Cross-Site Scripting
0.7 AI Score
Scammers and phishers are continuing to adapt their recruitment tactics, now going so far as to create special Facebook groups for their work-at-home scams. Phishers have been using social networks such as Facebook, MySpace and Twitter for years now as fertile hunting grounds not only for new...
-0.3 AI Score
Heartland Settles with MasterCard
Heartland Payment Systems has made a third settlement deal, this time with MasterCard, related to a massive data breach two years ago at the card payments processor. As part of the deal, Heartland has agreed to pay as much as $41.1 million to MasterCard issuers that lost money. Read the full...
2 AI Score
Visa Says Criminal Group Planning Fraud
Visa is warning financial institutions that it has received reliable intelligence that an organized criminal group plans to attempt to move large amounts of fraudulent payments through a merchant account. Read the full article....
2.6 AI Score
Friending HR: A Rich and Mineable Source of Intelligence
One of the most common complaints I hear from information security executives in large organizations is that they are constantly playing defense, not offense. Their network security apparatus is designed to wait for an attack, see if it’s successful and, if it is, to plug the hole, then repeat. ...
-0.4 AI Score
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown...
6 AI Score
0.003 EPSS
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown...
6.7 AI Score
0.004 EPSS
Queries Microsoft SQL Server (ms-sql) for a list of tables per database. SQL Server credentials required: Yes (use ms-sql-brute, ms-sql-empty-password and/or mssql.username & mssql.password) Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or...
9.8 CVSS
-0.2 AI Score
0.973 EPSS
Chip and PIN Security Completely Broken by New Attack
A group of researchers has found a significant flaw in the chip-and-PIN security system used by credit card companies in the UK. The weakness allows an attacker to use a card without the PIN associated with it. In a normal transaction using the chip-and-PIN system, the cardholder needs to enter a...
0.3 AI Score
SA-CONTRIB-2009-107 - Ubercart - Access bypass, Cross site request forgery
Ubercart's PayPal Website Payments Standard integration exposes a path for completed orders without properly checking that the order is valid for the current user. In the event that the order has already been processed for checkout, this can result in duplicate actions taking place inadvertently...
6.3 AI Score
UK Police Warn Job Seekers to Avoid Being Money Mules
The Serious Organised Crime Agency (Soca) says websites are currently being used to recruit “money mules”. The “mules” are ordinary people who send and receive payments through their bank accounts to facilitate business. But in reality, the cash has been laundered from crime, leaving unwitting...
1.4 AI Score
Verizon Wireless Customers Beware of Trojan Horse
Cyber-criminals have started preying on Verizon Wireless customers, sending out spam e-mail messages that say their accounts are over the limit and offering them a “balance checker” program to review their payments. The e-mail messages, which look like they come from Verizon Wireless, are fakes;...
2.1 AI Score
Inside the Pay-Per-Install Malware Economy
Stevens provides considerable details on the methods and tools used by cyber-criminals, the seedboxes and crypters that are used to get around anti-malware detection and the clever black hat SEO (Search Engine Optimization) techniques used in social engineering attacks. An example of one affiliate...
1.9 AI Score
Researcher Banished For Showing How to Hack PayPal
PayPal suspended the account of a white-hat hacker on Tuesday, a day after someone used his research into website authentication to publish a counterfeit certificate for the online payment processor. “Under the Acceptable Use Policy, PayPal may not be used to send or receive payments for items...
1.9 AI Score
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4)...
9.3 AI Score
0.002 EPSS
New Security Standards for Mobile Payments Coming
From SC Magazine (Angela Moscaritolo) A financial services technology group is developing standards for making secure mobile payment transactions. The goal of the project, an effort of the Financial Services Technology Consortium (FSTC), is to develop standards and processes so that banking...
1.8 AI Score
Data-sniffing attack costs Heartland $12.6m
From The Register (Dan Goodin) Electronic payments processor Heartland Payment Systems said Thursday it has allocated $12.6m to cover a security breach that exposed sensitive card holder data crossing its network. More than half that amount involves a fine MasterCard has assessed banks that did...
1 AI Score
AShop Deluxe 4.x (catalogue.php cat) Remote SQL Injection Exploit
No description provided by...
7.1 AI Score
AShop Deluxe 4.x (catalogue.php cat) Remote SQL Injection Exploit
Exploit for unknown platform in category web...
7.1 AI Score
[ECHO_ADV_98$2008] Pre Ads Portal <= 2.0 Sql Injection Vulnerability
ECHO_ADV_98$2008
Author: M.Hasran Addahroni
Date: June 13th, 2008
Location: Jakarta, Indonesia
Web: http://e-rdc.org/v1/news.php?readmore=98
Critical Lvl: Medium
Impact: System...
0.1 AI Score