Lucene search

32 matches found

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2022-27688

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.3 | EPSS 0.00889
Exploits: 0 | References: 2

HackRead
added 2024/06/20 6:00 p.m. | 6 views

UK Health Club Chain ‘Total Fitness’ Data Leak Exposes KYC and Card Data

UK-based health and fitness chain Total Fitness suffered a significant data breach leaving member photos, names, and even bank details vulnerable online. Learn how to protect yourself and what went wrong at Total Fitness...

AI score 7.2
Exploits: 0

NVD
added 2024/06/06 2:15 a.m. | 21 views

CVE-2023-6966

The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/coreajax.php file in all versions up to, and including, 9.6.3. This makes it possible for...

CVSS 8.1 | AI score 7.8 | EPSS 0.00394
Exploits: 0 | References: 3

CVE
added 2024/06/06 2:02 a.m. | 61 views

CVE-2023-6966

The Moneytizer WordPress plugin (The Moneytizer) is vulnerable in versions up to 9.5.20 due to a missing capability check in core_ajax.php across multiple AJAX functions. This allows authenticated users with subscriber privileges and higher to view/update billing and bank details, adjust plugin s...

CVSS 8.1 | AI score 5.9 | EPSS 0.00394
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2024/06/06 2:02 a.m. | 27 views

CVE-2023-6968 The Moneytizer <= 9.6.3 - Cross-Site Request Forgery via multiple AJAX actions

The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.6.3. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to update and retrieve billing...

CVSS 8.1 | AI score 7.8 | EPSS 0.00196
Exploits: 0 | References: 3

WPVulnDB
added 2024/06/05 12:00 a.m. | 12 views

The Moneytizer <= 9.5.20 - Missing Authorization via multiple AJAX actions

Description The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/coreajax.php file in all versions up to, and including, 9.5.20. This makes it possible...

CVSS 8.1 | AI score 6.4 | EPSS 0.00394
Exploits: 0 | References: 1

Positive Technologies
added 2024/06/05 12:00 a.m. | 5 views

PT-2024-15150 · WordPress · The Moneytizer

Name of the Vulnerable Software and Affected Versions: The Moneytizer plugin for WordPress versions up to, and including, 9.5.20 Description: The issue is due to missing or incorrect nonce validation on multiple AJAX functions, making it possible for unauthenticated attackers to update and retrie...

CVSS 8.1 | AI score 6.8 | EPSS 0.00196
Exploits: 0 | References: 9

OSV
added 2024/01/04 2:15 p.m. | 4 views

CVE-2023-49658

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bankdetails' parameter of the partysubmit.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 | AI score 5.8 | EPSS 0.00672
Exploits: 1 | References: 2

Positive Technologies
added 2024/01/04 12:00 a.m. | 6 views

PT-2024-13776 · Billing · Billing

Name of the Vulnerable Software and Affected Versions: Billing Software version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the bank details parameter of the "party submit.php" resource does not validate the characters received, and th...

CVSS 9.8 | AI score 9.9 | EPSS 0.00672
Exploits: 1 | References: 5

CNNVD
added 2024/01/04 12:00 a.m. | 4 views

Kashipara Billing Software SQL Injection Vulnerability

Kashipara Billing Software is an application from Kashipara India. A SQL injection vulnerability exists in the v1.0 version of Kashipara Billing Software, which originates when the bankdetails parameter of the partysubmit.php page is processed without filtering the data and sending it to the...

CVSS 9.8 | AI score 7.9 | EPSS 0.00672
Exploits: 1 | References: 3

OSV
added 2022/02/09 11:15 p.m. | 2 views

CVE-2022-22542

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitl...

CVSS 6.5 | AI score 6.9 | EPSS 0.00889
Exploits: 0 | References: 2

Prion
added 2022/02/09 11:15 p.m. | 18 views

Information disclosure

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitl...

CVSS 4 | AI score 6.5 | EPSS 0.00889
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2022/02/09 11:15 p.m. | 5 views

CVE-2022-22542

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitl...

CVSS 6.5 | AI score 6.9 | EPSS 0.00889
Exploits: 0 | References: 4 | Affected Software: 1

Kitploit
added 2021/11/27 11:30 a.m. | 30 views

FakeDataGen - Full Valid Fake Data Generator

FakeDataGen is a Full Valid Fake Data Generator. This tool helps you to create fake accounts in Spanish format with fully valid data. Within this information, you can find the most common names, emails, bank details and other useful information. Requirements Python 3 Install requirements.txt...

AI score 7.2
Exploits: 0 | References: 1

Securelist
added 2021/08/05 10:00 a.m. | 154 views

Spam and phishing in Q2 2021

Quarterly highlights The corporate sector In Q2 2021, corporate accounts continued to be one of the most tempting targets for cybercriminals. To add to the credibility of links in emails, scammers imitated mailings from popular cloud services. This technique has been used many times before. A fak...

CVSS 9.3 | AI score 8.2 | EPSS 0.99945
Exploits: 33

Pen Test Partners Blog
added 2021/01/15 7:29 a.m. | 40 views

Cyber Security advice for Finance staff

Working in the finance team at PTP I’m constantly reminded just how little attention is paid to hacking and cyber crime in accounting and finance training and education. When I was studying for my AAT qualification we did a whole module on finance fraud; our obligations, how to spot fraud, etc. b...

AI score 7
Exploits: 0

Positive Technologies
added 2018/07/26 12:00 a.m. | 4 views

PT-2018-12613 · Thomson Reuters · Thomson Reuters Ultratax Cs

Name of the Vulnerable Software and Affected Versions: Thomson Reuters UltraTax CS version 2017 Description: The software transfers customer records and bank account numbers in cleartext over SMBv2, allowing attackers to obtain sensitive information by sniffing the network or conduct...

CVSS 7.5 | AI score 7.2 | EPSS 0.00876
Exploits: 2 | References: 3

The Hacker News
added 2018/07/09 12:38 p.m. | 1 views

DomainFactory Hacked—Hosting Provider Asks All Users to Change Passwords

Besides Timehop, another data breach was discovered last week that affects users of one of the largest web hosting companies in Germany, DomainFactory, owned by GoDaddy. The breach initially happened back in last January this year and just emerged last Tuesday when an unknown attacker himself...

AI score 6.8
Exploits: 0

Cisco Threats
added 2018/07/03 1:56 p.m. | 10 views

Threat Outbreak Alert RuleID33075: Email Messages Distributing Malicious Software on July 2, 2018

Medium Alert ID: 58325 First Published: 2018 July 3 13:56 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID33075 may contain the following files: Name | Size...

AI score 0.1
Exploits: 0

Cisco Threats
added 2018/05/02 8:33 p.m. | 8 views

Threat Outbreak Alert RuleID32645: Email Messages Distributing Malicious Software on May 2, 2018

Medium Alert ID: 57714 First Published: 2018 May 2 20:33 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID32645 may contain the following files: Name | Size ...

AI score 0.3
Exploits: 0