19 matches found
HCCTG MPOS M6 PLUS Security Vulnerability
HCCTG MPOS M6 PLUS is a mobile payment terminal device developed by HCCTG Corporation. The HCCTG MPOS M6 PLUS 1V.31-N version contains a security vulnerability, which stems from an authentication bypass in the Bluetooth Handler component...
HCCTG MPOS M6 PLUS Access Control Error Vulnerability
HCCTG MPOS M6 PLUS is a mobile payment terminal device developed by HCCTG Corporation. The HCCTG MPOS M6 PLUS 1V.31-N version contains an access control vulnerability, which stems from the lack of authentication for the Bluetooth component...
CriticalGears Multiple Products Cross-Site Scripting Vulnerability
CriticalGears Stripe Payment Terminal, among others, are payment software products developed by the American company CriticalGears. Multiple products of CriticalGears have cross-site scripting vulnerabilities. These vulnerabilities stem from non-persistent cross-site scripts in fields for enterin...
EUVD-2020-23706
Malware in sbrugna...
CVE-2020-36128
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...
CVE-2019-14719
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager...
PAX Technology Android based POS Security Vulnerability
PAX Technology Android based POS is a series of Android mobile payment terminals from China-based PAX Technology. A security vulnerability exists in PAX Technology Android based POS PayDroid8.1.0SagittariusV11.1.5020230614 and prior versions, which stems from a vulnerability that allows an attack...
PAX Technology A930 Security Vulnerability
The PAX Technology A930 is an Android mobile payment terminal from China-based PAX Technology. A security vulnerability exists in the PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 version, which originated from a vulnerability that allows an attacker to gain root access by running a...
Amount of project token minted to beneficiary by JBXBuybackDelegate._mint function is not checked against an expected minimum number of project tokens to be minted to such beneficiary
Lines of code Vulnerability details Impact Calling the following JBPayoutRedemptionPaymentTerminal31.pay function executes fundingCycle, tokenCount, delegateAllocations, memo = store.recordPaymentFrompayer, bundledAmount, projectId, baseWeightCurrency, beneficiary, memo, metadata. File:...
NFT not minted when contributed via a supported payment terminal
Lines of code Vulnerability details Impact A contributor won't get an NFT they're eligible for if the payment is made through a payment terminal that's supported by the project but not by the NFT delegate. Proof of Concept A Juicebox project can use multiple payment terminals to receive...
Project Owner can mint all tokens to their own address
Lines of code Vulnerability details Impact A project owner may mint all tokens for the project in JBController.mintTokensOf, with all tokens minted by the project owner to their own address, the payer during any pay call would be unable to mint any project token as the mint function would...
Payment Terminal 3.1 - (Multiple) Cross-Site Scripting Vulnerability
Exploit Title: Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting XSS Exploit Author: Vulnerability Lab Vendor Homepage: https://www.criticalgears.com/ Software Link: https://www.criticalgears.com/product/authorize-net-payment-terminal/...
Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting (XSS)
Exploit Title: Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting XSS Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.criticalgears.com/ Software Link: https://www.criticalgears.com/product/authorize-net-payment-terminal/...
Payment Terminal 2.x & v3.x - Multiple XSS Vulnerabilities
Document Title: =============== Payment Terminal 2.x & v3.x - Multiple XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2280 Release Date: ============= 2021-11-05 Vulnerability Laboratory ID VL-ID: ===================================...
CVE-2020-36128
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...
CVE-2020-36128
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...
CVE-2020-36128
CVE-2020-36128 affects Pax Technology PAXSTORE v7.0.8_20200511171508 and earlier. The vulnerability stems from token impersonation: each terminal uses an X-Terminal-Token to access the marketplace, and an attacker can intercept HTTPS requests to obtain the token assignment and craft a token to im...
Pax Technology PAXSTORE Security Vulnerability
PAX Technology PAXSTORE is an application from China's PAX Inc.: an ecosystem that connects 2.5 million endpoints, thousands of application developers and more than 180 marketplaces in more than 80 countries/regions around the world. A security vulnerability exists in Pax Technology PAXSTORE...
CVE-2019-14713
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...