Lucene search
K

10 matches found

Hacker One
Hacker One
added 2021/01/18 3:59 p.m.105 views

Kartpay: Misconfiguration of Merchant id in jwt header + Weird Debug mode enabling behavior leads to exposed OTP of mobile number.

The Verification email Content was able to decrypt easily and leads to disclosure of information that was supposed to be provided after account verification is completed. Secondly, For a Limited time Production was put on debug mode but it was left with it. so now it has been fixed...

0.4AI score
Exploits0
0day.today
0day.today
added 2020/02/26 12:0 a.m.194 views

Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit

Exploit for php platform in category web applications Exploit Title: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

0.1AI score0.0417EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/02/25 12:0 a.m.173 views

WordPress WooCommerce CardGate Payment Gateway 3.1.15 Bypass

Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage: https://www.cardgate.com www.curopayments.com Software Link:...

0.1AI score0.04541EPSS
Exploits6
exploitpack
exploitpack
added 2020/02/25 12:0 a.m.89 views

WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass

WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Exploit Title: WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass Discovery Date: 2020-02-02 Public Disclosure Date: 2020-02-22 Exploit Author: GeekHack Vendor Homepage:...

5.5CVSS0.3AI score0.04541EPSS
Exploits6
ATTACKERKB
ATTACKERKB
added 2020/02/25 12:0 a.m.22 views

CVE-2020-8819

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...

8.1CVSS8.1AI score0.04541EPSS
Exploits6References6
ATTACKERKB
ATTACKERKB
added 2020/02/25 12:0 a.m.20 views

CVE-2020-8818

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefor...

8.1CVSS8.1AI score0.04541EPSS
Exploits11References4
NVD
NVD
added 2019/12/27 2:15 p.m.13 views

CVE-2014-4559

Multiple cross-site scripting XSS vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 apikey, 2 paymentpageurl, 3 merchantid, 4 apiurl, or 5 currency parameter...

6.1CVSS6.2AI score0.01163EPSS
Exploits2References1
Cvelist
Cvelist
added 2019/12/27 1:56 p.m.16 views

CVE-2014-4559

Multiple cross-site scripting XSS vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 apikey, 2 paymentpageurl, 3 merchantid, 4 apiurl, or 5 currency parameter...

6.2AI score0.01163EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2018/07/02 12:0 a.m.51 views

WeChat Pay SDK XXE Injection

Hi List, Title XXE in WeChat Pay Sdk WeChat leave a backdoor on merchant websites ------------------------------------------ Background aMobile payments surge to $9 trillion a year, changing how people shop, borrowaeven panhandlea, as WSJ.com once reported. As a payment security researcher, I...

7.4AI score
Exploits0
myhack58
myhack58
added 2010/12/10 12:0 a.m.11 views

Network fun online shopping users fashion Edition Build 1 0 1 1 0 1 SQL injection exploit-vulnerability warning-the black bar safety net

listshj. asp page there is the injection, not for authentication, wherein %dim shjiaid shjiaid=request. querystring"id" set rs=server. createobject"adodb. recordset" rs. open "select from shjia where shjiaid=" shjiaid ,conn,1,1% ID is not filtered, and injected into the generated/admin/listshj...

1.1AI score
Exploits0
Rows per page
Query Builder