Lucene search
K

16 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-16277

Malware in sbrugna...

7.5CVSS7.5AI score0.00924EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-23826

Malware in sbrugna...

7.5CVSS7.6AI score0.00904EPSS
Exploits0References4
nvd
nvd
added 2021/04/06 4:15 p.m.17 views

CVE-2020-36284

Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...

7.5CVSS0.00904EPSS
Exploits0References3
prion
prion
added 2021/04/06 4:15 p.m.14 views

Design/Logic Flaw

Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...

5CVSS7.8AI score0.00904EPSS
Exploits0References3Affected Software1
cve
cve
added 2021/04/06 3:38 p.m.34 views

CVE-2020-36285

CVE-2020-36285 concerns Union Pay for iOS up to version 3.3.12. The vulnerability is described as CWE-347: Improper Verification of Cryptographic Signature, where an authentication code (MAC) is generated based on a secret key that is NULL/empty. This permits attackers to shop for free on merchan...

7.5CVSS7.5AI score0.00904EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2021/04/06 3:36 p.m.19 views

CVE-2020-36284

Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...

7.8AI score0.00904EPSS
Exploits0References3
cve
cve
added 2021/04/06 3:34 p.m.59 views

CVE-2020-23533

CVE-2020-23533 affects Union Pay web versions up to 1.2.0 and is linked to a CWE-347 vulnerability: improper verification of a cryptographic signature. An attacker can craft an authentication code (MAC) generated from a NULL/empty key to make free purchases on merchant websites and mobile apps. C...

7.5CVSS7.7AI score0.00924EPSS
Exploits0References4Affected Software1
malwarebytes
malwarebytes
added 2020/04/20 4:36 p.m.37 views

A week in security (April 13 – 19)

Last week on Malwarebytes Labs, we looked at how to avoid Zoom bombing, weighed the risks of surveillance versus pandemics, and dug into a spot of WiFi credential theft. Other cybersecurity news: Malware creeps back into the home: With a pandemic forcing much of the workforce into remote position...

Exploits0
cnvd
cnvd
added 2018/02/06 12:0 a.m.3 views

Worry-Free Shopping System ASP General Edition suffers from SQ Injection Vulnerability

Hassle-free shopping system ASP General Edition is a shopping site based on ASP/Access development of general management system set up. Worry-Free Shopping System ASP General Edition suffers from SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database...

7.8AI score
Exploits0
hackapp
hackapp
added 2016/04/01 10:25 a.m.11 views

Baby Mart - Free Shopping Game - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Baby Mart - Free Shopping Game published at the 'play' market has multiple vulnerabilities...

0.5AI score
Exploits0References1Affected Software1
seebug
seebug
added 2014/07/01 12:0 a.m.21 views

IGeneric Free Shopping Cart 1.4 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9773/info It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters Exploitation coul...

7.1AI score
Exploits0
packetstorm
packetstorm
added 2014/03/25 12:0 a.m.16 views

Cart Engine 3.0.0 (task.php) Local File Inclusion

Cart Engine 3.0.0 task.php Local File Inclusion Vulnerability Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP & MySQL. Unique features...

Exploits0
cvelist
cvelist
added 2009/04/27 7:0 p.m.27 views

CVE-2009-1447

Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/...

7.7AI score0.0351EPSS
Exploits0References4
cve
cve
added 2009/04/27 7:0 p.m.48 views

CVE-2009-1447

The CVE-2009-1447 vulnerability affects e-cart.biz Free Shopping Cart, specifically the admin/editor/image.php endpoint. It is an unrestricted file upload flaw that allows remote attackers to upload a file with an executable extension and access it via a direct URL under images/, enabling arbitra...

6.8CVSS7.9AI score0.0351EPSS
Exploits0References4Affected Software1
exploitdb
exploitdb
added 2004/03/01 12:0 a.m.21 views

IGeneric Free Shopping Cart 1.4 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/9773/info It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters Exploitation could allow for theft of cookie-based...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/03/01 12:0 a.m.9 views

IGeneric Free Shopping Cart 1.4 - Cross-Site Scripting

IGeneric Free Shopping Cart 1.4 - Cross-Site Scripting source: https://www.securityfocus.com/bid/9773/info It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI...

0.1AI score
Exploits0
Rows per page
Query Builder