UnionPay Data Forgery Issue Vulnerability

UnionPay is an application system of China UnionPay Corporation UnionPay. A data forgery issue vulnerability exists in UnionPay for android versions prior to 3.4.93.4.9, which stems from not properly verifying cryptographic signatures, and can be exploited by an attacker to make free purchases on...

CVE-2020-36284

Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...

CVE-2020-36285

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...

UnionPay IOS 数据伪造问题漏洞

UnionPay IOS is an application of China UnionPay Corporation UnionPay in China. Union Pay ios 3.3.12 suffers from a security vulnerability that originates from incorrectly verified password signatures, which can be exploited by an attacker to make free purchases on merchant websites and mobile ap...

cmseasy设计逻辑缺陷可以不花钱买东西

简要描述： cmseasy设计逻辑缺陷可以不花钱买东西 详细说明： archiveact.php: function ordersaction $this-view-aid = trimfront::get'aid'; if front::post'submit' $this-orders = new orders; $row = $this-orders-getrow"","adddate DESC"; //vardumptime; if$row'adddate' && time - $row'adddate' view-user'userid' ?...