Online Banking Security Vulnerabilities

CVE-2022-40113

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at...

CVE-2022-40115

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at...

CVE-2022-40116

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at...

CVE-2022-40117

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at...

CVE-2022-40120

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at...

CVE-2022-40121

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at...

CVE-2022-40122

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at...

CVE-2022-40118

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at...

CVE-2022-40114

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at...

CVE-2022-40119

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at...

CVE-2022-27991

Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password...

CVE-2022-28116

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id...

CVE-2022-25494

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via...

CVE-2022-23363

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via...

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller....

CVE-2018-11040

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser...

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary...

CVE-2012-1020

Multiple cross-site scripting (XSS) vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or HTML via the (1) visitor_language parameter to register.php or (2) message...

CVE-2008-1893

PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang...

CVE-2007-3175

Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to...

CVE-2007-3174

Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than...

CVE-2006-1980

Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang...

CVE-2005-2779

The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing"...