The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid...
AI Score 6.7 | EPSS 0.001
The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid...
AI Score 6.5 | EPSS 0.001
The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the....
AI Score 6.6 | EPSS 0.001
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to....
AI Score 6.4 | EPSS 0.001
The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the....
AI Score 6.8 | EPSS 0.001
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to....
AI Score 6.7 | EPSS 0.001
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different.....
AI Score 6.6 | EPSS 0.001
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different.....
AI Score 6.3 | EPSS 0.001
PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid...
AI Score 6.5 | EPSS 0.001
PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid...
AI Score 6.7 | EPSS 0.001
CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's...
AI Score 6.6 | EPSS 0.002
CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's...
AI Score 7 | EPSS 0.002
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack...
AI Score 6.5 | EPSS 0.002
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack...
AI Score 6.9 | EPSS 0.002
Sichuan Tianyi Kanghe Communication Co., Ltd. TY-6201A has a logic flaw vulnerability
TY-6201A is a cost-effective full-band Wi-Fi 6 wireless router. Sichuan Tianyi Kanghe Communication Co., Ltd. TY-6201A has a logic flaw vulnerability, which can be exploited by attackers to request specific paths via POST to achieve permissionless password...
AI Score 4.7
Sichuan Tianyi Kanghe Communication Co., Ltd. TY-6201A has information leakage vulnerability
TY-6201A is a cost-effective full-band Wi-Fi 6 wireless router. Sichuan Tianyi Kanghe Communication Co., Ltd. TY-6201A has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive...
AI Score 2.8
Exploit for Cross-site Scripting in Helpsystems Cobalt Strike
CVE-2022-39197 patch CVE-2022-39197 Cobalt Strike XSS...
CVSS 6.1 | AI Score 6.5 | EPSS 0.008
Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards
An international law enforcement operation has resulted in the dismantling of WT1SHOP, an online criminal marketplace that specialized in the sale of stolen login credentials and other personal information. The seizure was orchestrated by Portuguese authorities, with U.S. officials taking...
AI Score 1.6
Clever Phishing Scam Uses Legitimate PayPal Messages
Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. Basically, the scammers use the PayPal invoicing system to send the email. The email lists a phone number to dispute the charge, which is not PayPal and quickly turns into a request to download and...
AI Score 2.2
Command Execution Vulnerability in SmoothT Proprietary Cloud
SmoothT Proprietary Cloud is a cloud ERP system that covers the whole scenario of running, managing and monitoring a business. A command execution vulnerability exists in SmoothT Proprietary Cloud, which can be exploited by attackers to execute arbitrary...
AI Score 4.6
Exploit for Improper Authentication in Linux Kernel
CVE-2022-0492-Container-Escape...
CVSS 7.8 | AI Score 8.4 | EPSS 0.095
Learning Pass is a course learning, knowledge dissemination and management sharing platform built on a microservice architecture. Learning Pass, from Beijing Century Super Star Information Technology Development Co., Ltd., has a stored XSS vulnerability, which can be used by attackers to obtain sensitive information...
AI Score 2.4
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
CVE-2022-22947 in-memory webshell injection; supports injecting three types of in-memory webshell ``` Usage: usage -t ...
CVSS 10 | AI Score 10 | EPSS 0.975
PayPal Phishing Scam Uses Invoices Sent Via PayPal
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives -- which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction -- state that the user's account is about to.....
AI Score -0.2
Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...
CVSS 9.8 | AI Score 9 | EPSS 0.975
Two more malicious Python packages in the PyPI
On August 8, CheckPoint published a report on ten malicious Python packages in the Python Package Index (PyPI), the most popular Python repository among software developers. The malicious packages were intended to steal developers' personal data and credentials. Following this research, we used...
AI Score -0.1
RedGuard - C2 Front Flow Control Tool, Can Avoid Blue Teams, AVs, EDRs Check
0x00 Introduction. Tool introduction: RedGuard is a derivative work of C2 facility pre-flow control technology. It has a lighter design, efficient flow interaction, and reliable compatibility with Go language development. The core problem it solves is also in the face of increasingly complex red....
AI Score 6.5
Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments
Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Check Point said it found the flaws in devices powered by MediaTek...
CVSS 7.5 | AI Score 0.9 | EPSS 0.001
Cybersecurity and PR: Making Data Protection Public
The customer cares. Customers regularly see news about privacy and hacking, and they want to know that it's safe for them to hand over their personal data. A lack of trust in an eCommerce site is a leading reason why potential customers abandon their shopping carts. Consumers have no shortage of...
AI Score -0.1
Security Update Guide Notification System: Create your profile now
This blog post is an abridged translation of "Security Update Guide Notification System News: Create your profile now". Refer to the original for the latest information. ...
AI Score 1.1
Exploit for Stack-based Buffer Overflow in Sonicwall Sma 200 Firmware
SonicWallSSL-VPN_......
CVSS 9.8 | AI Score 9.8 | EPSS 0.942
Authenticated IDOR vulnerability in the StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 for WordPress allows an attacker to change the PayPal email. The free WooCommerce PayPal Payments plugin must also be installed to expose the extra input field on the user profile...
CVSS 6.5 | EPSS 0.001
Authenticated IDOR vulnerability in the StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 for WordPress allows an attacker to change the PayPal email. The free WooCommerce PayPal Payments plugin must also be installed to expose the extra input field on the user profile...
CVSS 6.5 | AI Score 6.3 | EPSS 0.001
Authenticated IDOR vulnerability in the StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 for WordPress allows an attacker to change the PayPal email. The free WooCommerce PayPal Payments plugin must also be installed to expose the extra input field on the user profile...
CVSS 6.5 | AI Score 6.4 | EPSS 0.001
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
CVE-2022-22947 CVE-2022-22947 overview Spring Cloud Gateway...
CVSS 10 | AI Score 9.9 | EPSS 0.975
Malicious code in pplogger-paypal (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (2f79d96a39bd0701b0be053e0cad25703bda81b63b17638a10a26a1e023a91d1) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Affiliate For WooCommerce < 4.8.0 - Subscriber+ Paypal Email Update via IDOR
The plugin allows users with a role as low as subscriber to change the PayPal Email via an IDOR attack when the WooCommerce PayPal Payments plugin is also...
CVSS 6.5 | AI Score 4.7 | EPSS 0.001
Huatian Power OA system arbitrary file upload vulnerability
Huatian Dynamics OA System is collaborative office software developed by Dalian Huatian Software Co. There is an arbitrary file upload vulnerability in the Huatian Power OA system, which can be exploited by attackers to upload arbitrary files to the...
AI Score 5.2
Authenticated IDOR vulnerability in the StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 for WordPress allows an attacker to change the PayPal email. The free WooCommerce PayPal Payments plugin must also be installed to expose the extra input field on the user profile...
CVSS 6.4 | AI Score 6.6 | EPSS 0.001
Authenticated IDOR vulnerability leading to PayPal email change, discovered by Vlad Vector (Patchstack) in the WordPress Affiliate For WooCommerce premium plugin (versions <= 4.7.0). Solution: Update the WordPress Affiliate For WooCommerce plugin to the latest available version (at least...
CVSS 6.5 | AI Score 4.4 | EPSS 0.001
CSRF vulnerability exists in modifying user information (including password)
Description: CSRF vulnerability in the user information modification page. Proof of Concept: in \app\home\c\UserController: $re = M('member')->update(['id'=>$this->member['id']],$w); $member = M('member')->find(['id'=>$this->member['id']]); unset($member['pass']); ...
AI Score 1.2
Breach Exposes Users of Microleaves Proxy Service
Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database. Microleaves claims its proxy software is installed with user consent, but.....
AI Score -0.3
Messaging Apps Tapped as Platform for Cybercriminal Activity
Cybercriminals are tapping the built-in services of popular messaging apps like Telegram and Discord as ready-made platforms to help them perform their nefarious activity in persistent campaigns that threaten users, researchers have found. Threat actors are tapping the multi-feature nature of...
AI Score -0.3
Malicious code in hyperwallet-sdk-paypal (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (8c07de9253a4872758b8cb7ec4ec1694ce3105498eef8312573d0eb7ff5daeb1) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands
The bloom is back on phishing attacks, with criminals doubling down on fake messages abusing popular brands compared to the year prior. Microsoft, Facebook and French bank Crédit Agricole are the top abused brands in attacks, according to a study on phishing released Tuesday. The study by Vade...
AI Score 0.5
Four Main Reasons Shoppers Abandon eCommerce Carts
More than just window shopping. eCommerce shopping cart abandonment costs brands a sobering USD 18 billion in annual revenue [Forrester Research]. While rates differ by device, with mobile and tablet users most likely to leave before completing their order, nearly 70 percent of shoppers...
AI Score -0.6