Lucene search
K

126 matches found

OSV
OSV
added 2023/08/01 7:48 p.m.20 views

GHSA-RRXV-Q8M4-WCH3 .eth registrar controller can shorten the duration of registered names

Description According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled...

4.9CVSS6AI score0.00681EPSS
Exploits1References5
OSV
OSV
added 2023/07/31 10:15 a.m.4 views

CVE-2022-4888

The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2,...

6.5CVSS5.8AI score0.00313EPSS
Exploits2References1
Hacker One
Hacker One
added 2023/01/28 3:16 a.m.242 views

Stripe: Fee discounts can be redeemed many times, resulting in unlimited fee-free transactions

A fee discount offer on Stripe transactions could be redeemed multiple times, resulting in unlimited fee-free transactions. The vulnerability allowed the attacker to call the /ajax/acceptfeediscountoffer endpoint multiple times, applying the discount each time. The impact was unlimited fee-free...

6.9AI score
Exploits0
HackRead
HackRead
added 2022/12/12 7:50 p.m.19 views

Smartphone Discounts Set To Rocket As Market Slumps

By Owais Sultan In the US, there was a drop in sales of 19% as people stayed on their phones for longer. Globally, smartphone sales are down from 488 million units to 429 million units. This is a post from HackRead.com Read the original post: Smartphone Discounts Set To Rocket As Market Slumps...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/12/08 10:30 a.m.22 views

Best Year-End Cybersecurity Deals from Uptycs, SANS Institute, and Bitdefender

Looking to up your cybersecurity game in the new year? Do not just buy electronics this vacation season, improve your cybersecurity! The end of the year is a great time to re-evaluate your cybersecurity strategy and make some important investments in protecting your personal and professional data...

6.7AI score
Exploits0
OSV
OSV
added 2022/05/24 5:21 p.m.34 views

GHSA-8WM7-H2QH-FF4C Magento authorization bypass vulnerability

Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts...

7.5CVSS7.4AI score0.05009EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.22 views

Magento authorization bypass vulnerability

Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts...

7.5CVSS7AI score0.05009EPSS
Exploits0References3Affected Software3
Hacker One
Hacker One
added 2022/05/16 9:24 a.m.24 views

TikTok: Create product discounts of any shop

An Insecure Direct Object Reference IDOR vulnerability was found on a TikTok seller endpoint, which could have resulted in any user to create product discounts for shops they did not own. We thank @datph4m for reporting this to our team...

0.5AI score
Exploits0
OSV
OSV
added 2022/01/26 10:9 p.m.36 views

GHSA-54HW-MHGH-X4VC Business Logic Errors in pimcore

In pimcore versions prior to 10.2.9 discounts could be negative resulting in unintended behavior...

4.3CVSS4.3AI score0.008EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/01/26 10:9 p.m.39 views

Business Logic Errors in pimcore

In pimcore versions prior to 10.2.9 discounts could be negative resulting in unintended behavior...

4.3CVSS4AI score0.008EPSS
Exploits1References6Affected Software1
Code423n4
Code423n4
added 2021/10/26 12:0 a.m.6 views

Liquidation will never work with non-zero discounts

Handle harleythedog Vulnerability details Impact Right now, there is only one discount profile in the github repo: the "NoDiscountProfile" which does not discount the debt at all. This specific discount profile works correctly, but I claim that any other discount profile will result in liquidatio...

6.7AI score
Exploits0
wpexploit
wpexploit
added 2021/10/12 12:0 a.m.521 views

Discounts Manager for Products < 3.4.5 - Reflected Cross-Site Scripting

The plugin does not escape the wcdptab parameter before outputting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting issue v alert/XSS/ v 3.4.5 - https://example.com/wp-admin/admin.php?page=wcwcdp&wcdptab=a';alert/XSS/;//...

0.5AI score
Exploits0
ThreatPost
ThreatPost
added 2021/09/13 6:8 p.m.33 views

WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing

A security vulnerability in the WooCommerce Multi Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular eCommerce plugin for WordPress-powered websites; the Multi Currency plugin from Envato meanwhile allows e-tailers using...

7.3AI score
Exploits0References8
wpexploit
wpexploit
added 2021/08/31 12:0 a.m.101 views

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export

The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them. https://example.com/?rpwcdpdexportsettings=1...

2.8AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2021/08/31 12:0 a.m.10 views

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Import to Stored XSS

The plugin does not have authorisation and CSRF checks on its import feature, nor sanitise or escape the imported settings. This could allow unauthenticated users to import arbitrary settings, and perform Stored Cross-Site Scripting attacks as well. Please note that v2.4.2 is still missing a CSRF...

2.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/31 12:0 a.m.13 views

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export

The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them. PoC https://example.com/?rpwcdpdexportsettings=1...

1.5AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/08/31 12:0 a.m.11 views

WordPress WooCommerce Dynamic Pricing & Discounts premium plugin <= 2.4.1 - Unauthenticated Settings Import and Stored XSS vulnerability

Unauthenticated Settings Import and Stored XSS vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WooCommerce Dynamic Pricing & Discounts premium plugin versions = 2.4.1. Solution Update the WordPress WooCommerce Dynamic Pricing & Discounts premium plugin to the latest available...

2.8AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/07/30 12:0 a.m.7 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores relates to the bypassing of security features, allowing unauthorized users to obtain unauthorized discounts on products.

The vulnerability of the Magento Commerce software platform for developing and managing online stores relates to the bypassing of security features. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to products, potentially leading to unauthorized discounts...

7.8CVSS7.2AI score0.05009EPSS
Exploits0References2Affected Software4
Malwarebytes
Malwarebytes
added 2021/04/29 6:51 p.m.42 views

What is Smishing? The 101 guide

Smishing is a valuable tool in the scammers armoury. Youve likely run into it, even if you didnt know that is its name. It doesnt arrive by email or social media direct message, instead choosing a route directly aimed at what may be your most personal device: the mobile phone. So, what is Smishin...

7AI score
Exploits0
Akamai Blog
Akamai Blog
added 2020/12/07 2:0 p.m.33 views

Distinguishing Among DNS Services Part 2: The Economics

This is Part 2 of a 3-part blog series highlighting some of the distinguishing aspects of Akamai's DNS services, Edge DNS and Global Traffic Management. Part 1 focused on Akamai's DNS platform and what sets it apart. In Part 2, we take a closer look at the economics of DNS pricing models and why...

7.2AI score
Exploits0
Rows per page
Query Builder