CVE-2023-23941

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...

PT-2024-26280 · Unknown · Help Desk - Customer Support Management System

Name of the Vulnerable Software and Affected Versions: Help Desk - Customer Support Management System versions up to 2.4.0 Description: The issue allows a customer to upload .php files. Methods HelpdeskHelpdeskModuleFrontController::submitTicket and...

PT-2024-19402 · Avo · Avo

Name of the Vulnerable Software and Affected Versions: Avo versions prior to 2.47.0 Avo versions prior to 3.3.0 Description: Avo is a framework to create admin panels for Ruby on Rails apps. In Avo, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be...

http TRACE cross-site attacks a vulnerability test with the defense fix-bug warning-the black bar safety net

From the bad wolf's blog Web Presence: http TRACE cross-site attack vulnerabilities. Scan results: http TRACE cross-site attacks His webserver supports the TRACE and/or TRACK methods. TRACE and TRACK is used to debugweb serverthe connection to the HTTP way. Support the way of a presence Server...