820 matches found
BSI Hotel Booking System Admin 1.42.0 - Authentication Bypass
BSI Hotel Booking System Admin 1.42.0 - Authentication Bypass ----------------------------------------------------------------------------------------- ECHOADV113$2010 BSI Hotel Booking System Admin Login Bypass Vulnerability...
THQ.com SQL Injection
This is pretty much because I want to embarrass these assholes. See: http://gamepolitics.com/2010/06/14/exec-thq-anti-used-game-initiative-could-make-everyone-happy SQLi 1: http://www.thq.com/us/mythq/register?contentType=GAMEALERT&alertGame='4896 This one is pretty obvious. It's an injection via...
Wyndham Hotels Hit Again By Hackers
Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing sensitive customer data. The break-in occurred between late October 2009 and January 2010, when it was finally discovered. This is the third data breach reported by Wyndham in the past year. Read the full article...
CVE-2009-4236
The process function in data/class/pages/admin/customer/LCPageAdminCustomerSearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information customer data via unknown vectors related to sessions...
Design/Logic Flaw
The process function in data/class/pages/admin/customer/LCPageAdminCustomerSearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information customer data via unknown vectors related to sessions...
CVE-2009-4236
The process function in data/class/pages/admin/customer/LCPageAdminCustomerSearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information customer data via unknown vectors related to sessions...
HSBC Warns of Exposed Customer Info
HSBC Bank says a bug in its imaging software inadvertently exposed sensitive data about some of its customers going through bankruptcy proceedings. Read the full article. Computerworld...
EC-CUBE information disclosure vulnerability
Overview EC-CUBE from LOCKON CO.,LTD. contains an information disclosure vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact A remote attacker may be able to obtain customer data that...
JVN#79762947 EC-CUBE information disclosure vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact A remote attacker may be able to obtain customer data that is saved by EC-CUBE. Solution Update the Software Apply the latest updates provided by...
Real World Security – Andy Weeks Interview
Andy Weeks, manager of risk and compliance for enterprise information security, at Humana Inc., one of the larger companies in the world, knows a thing or two about large-scale security implementations. And in a company whose customer data is one of its main assets, security is a corporate...
Radisson Hotels Report Significant Data Breach
Add the Radisson Hotels & Resorts chain to the growing list of businesses datalossdb.org reporting significant data breaches that exposed sensitive customer data. In an open letter radisson.com to guests, Radisson chief operating officer Fredrik Korallus said the hotel chain’s computer system was...
T-Mobile data on Full Disclosure is real
T-Mobile is now saying that the information that was posted to the Full Disclosure security mailing list this weekend is in fact the company’s data. But the company stopped short of confirming that the anonymous hackers have access to customer data and other sensitive information, as they have...
Employee stole data from Sprint
Sprint has sent letters to thousands of its customers informing them that a former employee compromised their personal account data over the course of two months in 2008 and 2009. Brian Krebs Security Fix says that the company mailed warnings to several thousand customers and that the breach coul...
Charon Cart v3(Review.asp) Remote SQL Injection Vulnerability
Vulnerability Report Title : Charon Cart v3Review.asp Remote SQL Injection Vulnerability Author : ajann Script Page : http://www.charon.co.uk Exploit; http://target/path/Review.asp?ProductID=SQL HERE Example:...
Gentle-killer-cross-site Script attacks-vulnerability warning-the black bar safety net
Gentle-killer-cross-site Script attack · Translation:Billi·transfer from CPCW The first part: cross-site SCRIPT attacks in several ways: Whenever we think of hackers, a hacker is often such a portrait: a lonely man, snuck into someone else's server, destroying or stealing someone else's secret...
Hardened-PHP Project Security Advisory 2005-23.105
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in vTiger CRM Release Date: 2005/11/24 Last Modified: 2005/11/24 Author: Christopher Kunz Application: vTiger 4.2 and prior Severity: Cross-Site...
Midicart ASP - Remote Customer Information Retrieval
Midicart ASP - Remote Customer Information Retrieval source: https://www.securityfocus.com/bid/5438/info Midicart ASP is a commercially available e-commerce solution distributed by Coxco Support. It is available for the Microsoft Windows operating system. The default installation of Midicart ASP...
CVE-1999-1374
perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request...
DC Scripts DCShop Beta 1.0 02 - File Disclosure (2)
source: https://www.securityfocus.com/bid/2889/info DCShop is a GCI-based ecommerce system from DCScripts. Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential order data, including credit card and other private...
shopping.cart.cc.data.txt
Date: Mon, 19 Apr 1999 20:05:18 -0700 From: Joe To: [email protected] Subject: Shopping Carts exposing CC data Tomorrow April 20 1999 CNet's news.com should be running a story regarding various commercial and freeware shopping carts that, when installed incorrectly or when installed by amateur...