Nord Security: Past payments using the Direct Debit method keep subscriptions active even if payments fail
I think this is a vulnerability that has no impact but it violates I found many accounts that are actively subscribed even though the payment failed, this is because the payment uses the Direct Debit method, and you have deleted it. Because Direct Debit payments have been deleted and no longer wo...
New Relic: Ability to buy PRO subscriptions at arbitrarily reduced prices
Hey team, I've found that a malicious user can buy PRO subscriptions by arbitrarily reduced prices. Steps to reproduce 0 Make sure you have an account without subscriptions at APM PRO bought. If you don't – register a new one. It works for me inside the EU accounts at least. 1 Sign in this accoun...
MTN Group: OTP bypass - Unintended disclosure of OTP to client allows attacker to manage users' subscriptions
Summary: https://play.mtn.co.za/ authenticates subscribers via OTP before their subscriptions can be changed. However, the request which sends the OTP also returns the OTP in the network response, allowing an attacker to manage a user's subscriptions. Steps To Reproduce: 1. Visit...
Unwanted notifications in browser
When, back in 2015, push notifications were just appearing in browsers, very few people wondered how this tool would be used in the future: once a useful technology made to keep regular readers informed about updates, today it is often used to shell website visitors with unsolicited ads. To achie...
CVE-2012-1160
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php...
Code injection
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php...
CVE-2012-1160
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+ affected...
CVE-2012-1160
CVE-2012-1160 affects Moodle prior to 2.2.2, with a permission flaw in Forum Subscriptions allowing unenrolled users to subscribe/unsubscribe via mod/forum/index.php. Public data confirms affected versions include Moodle 2.1.x up to 2.1.4+, and 2.2.x up to 2.2.1+. Root cause described as a permis...
Joker Spyware Found in 24 Google Play Apps
A new spyware has been making the rounds in Android apps on Google Play, infecting victims post-download to steal their SMS messages, contact lists and device information. In addition to stealing victims’ information, the malware also stealthily signs them up for premium service subscriptions tha...
katello: stored XSS in subscriptions and repositories pages
A cross-site scripting XSS flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...
Mail.ru: CSRF on /subscription_manage.php endpoint at allods.mail.ru
CSRF in https://allods.mail.ru allows managing a user's subscriptions. allods.mail.ru belongs to the extended scope...
cockpit security update
173.2-1.0.1 - turn off display of subscriptions menu item in GUI - Drop subscription-manager requirement since we do not ship it [email protected] - Remove Red Hat references. 173.2-1 - ws: Fix bug parsing invalid base64 headers rhbz1672296...
Katello Cross-Site Scripting Vulnerability
Katello is a system management engine that provides workflows for configuration management, subscription management and content management. A cross-site scripting vulnerability exists in Katello version 3.9.0, which can be exploited by remote attackers with the help of Subscriptions or Red Hat...
CVE-2018-16887
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...
CVE-2018-16887
A cross-site scripting XSS flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...
CVE-2018-19814
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 build 51029. The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via the ConnPoolName or GroupId parameter...
Slack: Bypass of the SSRF protection in Event Subscriptions parameter.
The vulnerability is present in the "Event Subscriptions" parameter where: "Your app can subscribe to be notified of events in Slack (for example, when a user adds a reaction or creates a file) at a URL you choose." URL: https://api.slack.com/apps/YOUAPPCODE/event-subscriptions? When we add a sit...