16 matches found
EUVD-2020-16277
Malware in sbrugna...
EUVD-2020-23826
Malware in sbrugna...
CVE-2020-36284
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
Design/Logic Flaw
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-36285
CVE-2020-36285 concerns Union Pay for iOS up to version 3.3.12. The vulnerability is described as CWE-347: Improper Verification of Cryptographic Signature, where an authentication code (MAC) is generated based on a secret key that is NULL/empty. This permits attackers to shop for free on merchan...
CVE-2020-36284
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-23533
CVE-2020-23533 affects Union Pay web versions up to 1.2.0 and is linked to a CWE-347 vulnerability: improper verification of a cryptographic signature. An attacker can craft an authentication code (MAC) generated from a NULL/empty key to make free purchases on merchant websites and mobile apps. C...
A week in security (April 13 – 19)
Last week on Malwarebytes Labs, we looked at how to avoid Zoom bombing, weighed the risks of surveillance versus pandemics, and dug into a spot of WiFi credential theft. Other cybersecurity news: Malware creeps back into the home: With a pandemic forcing much of the workforce into remote position...
Worry-Free Shopping System ASP General Edition suffers from SQ Injection Vulnerability
Hassle-free shopping system ASP General Edition is a shopping site based on ASP/Access development of general management system set up. Worry-Free Shopping System ASP General Edition suffers from SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database...
Baby Mart - Free Shopping Game - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Baby Mart - Free Shopping Game published at the 'play' market has multiple vulnerabilities...
IGeneric Free Shopping Cart 1.4 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9773/info It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters Exploitation coul...
Cart Engine 3.0.0 (task.php) Local File Inclusion
Cart Engine 3.0.0 task.php Local File Inclusion Vulnerability Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP & MySQL. Unique features...
CVE-2009-1447
Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/...
CVE-2009-1447
The CVE-2009-1447 vulnerability affects e-cart.biz Free Shopping Cart, specifically the admin/editor/image.php endpoint. It is an unrestricted file upload flaw that allows remote attackers to upload a file with an executable extension and access it via a direct URL under images/, enabling arbitra...
IGeneric Free Shopping Cart 1.4 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9773/info It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters Exploitation could allow for theft of cookie-based...
IGeneric Free Shopping Cart 1.4 - Cross-Site Scripting
IGeneric Free Shopping Cart 1.4 - Cross-Site Scripting source: https://www.securityfocus.com/bid/9773/info It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI...