10 matches found
Kartpay: Misconfiguration of Merchant id in jwt header + Weird Debug mode enabling behavior leads to exposed OTP of mobile number.
The Verification email Content was able to decrypt easily and leads to disclosure of information that was supposed to be provided after account verification is completed. Secondly, For a Limited time Production was put on debug mode but it was left with it. so now it has been fixed...
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit
Exploit for php platform in category web applications Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...
WordPress WooCommerce CardGate Payment Gateway 3.1.15 Bypass
Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...
WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass
WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage:...
CVE-2020-8819
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...
CVE-2020-8818
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefor...
CVE-2014-4559
Multiple cross-site scripting XSS vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 apikey, 2 paymentpageurl, 3 merchantid, 4 apiurl, or 5 currency parameter...
CVE-2014-4559
Multiple cross-site scripting XSS vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 apikey, 2 paymentpageurl, 3 merchantid, 4 apiurl, or 5 currency parameter...
WeChat Pay SDK XXE Injection
Hi List, Title XXE in WeChat Pay Sdk WeChat leave a backdoor on merchant websites ------------------------------------------ Background aMobile payments surge to $9 trillion a year, changing how people shop, borrowaeven panhandlea, as WSJ.com once reported. As a payment security researcher, I...
Network fun online shopping users fashion Edition Build 1 0 1 1 0 1 SQL injection exploit-vulnerability warning-the black bar safety net
listshj. asp page there is the injection, not for authentication, wherein %dim shjiaid shjiaid=request. querystring"id" set rs=server. createobject"adodb. recordset" rs. open "select from shjia where shjiaid=" shjiaid ,conn,1,1% ID is not filtered, and injected into the generated/admin/listshj...