126 matches found
GHSA-RRXV-Q8M4-WCH3 .eth registrar controller can shorten the duration of registered names
Description According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled...
CVE-2022-4888
The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2,...
Stripe: Fee discounts can be redeemed many times, resulting in unlimited fee-free transactions
A fee discount offer on Stripe transactions could be redeemed multiple times, resulting in unlimited fee-free transactions. The vulnerability allowed the attacker to call the /ajax/acceptfeediscountoffer endpoint multiple times, applying the discount each time. The impact was unlimited fee-free...
Smartphone Discounts Set To Rocket As Market Slumps
By Owais Sultan In the US, there was a drop in sales of 19% as people stayed on their phones for longer. Globally, smartphone sales are down from 488 million units to 429 million units. This is a post from HackRead.com Read the original post: Smartphone Discounts Set To Rocket As Market Slumps...
Best Year-End Cybersecurity Deals from Uptycs, SANS Institute, and Bitdefender
Looking to up your cybersecurity game in the new year? Do not just buy electronics this vacation season, improve your cybersecurity! The end of the year is a great time to re-evaluate your cybersecurity strategy and make some important investments in protecting your personal and professional data...
GHSA-8WM7-H2QH-FF4C Magento authorization bypass vulnerability
Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts...
Magento authorization bypass vulnerability
Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts...
TikTok: Create product discounts of any shop
An Insecure Direct Object Reference IDOR vulnerability was found on a TikTok seller endpoint, which could have resulted in any user to create product discounts for shops they did not own. We thank @datph4m for reporting this to our team...
GHSA-54HW-MHGH-X4VC Business Logic Errors in pimcore
In pimcore versions prior to 10.2.9 discounts could be negative resulting in unintended behavior...
Business Logic Errors in pimcore
In pimcore versions prior to 10.2.9 discounts could be negative resulting in unintended behavior...
Liquidation will never work with non-zero discounts
Handle harleythedog Vulnerability details Impact Right now, there is only one discount profile in the github repo: the "NoDiscountProfile" which does not discount the debt at all. This specific discount profile works correctly, but I claim that any other discount profile will result in liquidatio...
Discounts Manager for Products < 3.4.5 - Reflected Cross-Site Scripting
The plugin does not escape the wcdptab parameter before outputting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting issue v alert/XSS/ v 3.4.5 - https://example.com/wp-admin/admin.php?page=wcwcdp&wcdptab=a';alert/XSS/;//...
WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing
A security vulnerability in the WooCommerce Multi Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular eCommerce plugin for WordPress-powered websites; the Multi Currency plugin from Envato meanwhile allows e-tailers using...
WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export
The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them. https://example.com/?rpwcdpdexportsettings=1...
WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Import to Stored XSS
The plugin does not have authorisation and CSRF checks on its import feature, nor sanitise or escape the imported settings. This could allow unauthenticated users to import arbitrary settings, and perform Stored Cross-Site Scripting attacks as well. Please note that v2.4.2 is still missing a CSRF...
WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export
The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them. PoC https://example.com/?rpwcdpdexportsettings=1...
WordPress WooCommerce Dynamic Pricing & Discounts premium plugin <= 2.4.1 - Unauthenticated Settings Import and Stored XSS vulnerability
Unauthenticated Settings Import and Stored XSS vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WooCommerce Dynamic Pricing & Discounts premium plugin versions = 2.4.1. Solution Update the WordPress WooCommerce Dynamic Pricing & Discounts premium plugin to the latest available...
The vulnerability of the Magento Commerce software platform for developing and managing online stores relates to the bypassing of security features, allowing unauthorized users to obtain unauthorized discounts on products.
The vulnerability of the Magento Commerce software platform for developing and managing online stores relates to the bypassing of security features. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to products, potentially leading to unauthorized discounts...
What is Smishing? The 101 guide
Smishing is a valuable tool in the scammers armoury. Youve likely run into it, even if you didnt know that is its name. It doesnt arrive by email or social media direct message, instead choosing a route directly aimed at what may be your most personal device: the mobile phone. So, what is Smishin...
Distinguishing Among DNS Services Part 2: The Economics
This is Part 2 of a 3-part blog series highlighting some of the distinguishing aspects of Akamai's DNS services, Edge DNS and Global Traffic Management. Part 1 focused on Akamai's DNS platform and what sets it apart. In Part 2, we take a closer look at the economics of DNS pricing models and why...