200+ Fake Retail Sites Used in New Wave of Subscription Scams
Bitdefender uncovers a massive surge in sophisticated subscription scams disguised as online shops and evolving mystery boxes. Learn…
CVE-2024-37296 Aimeos HTML client vulnerable to digital products download without proper payment status check
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment...
Improper Enforcement Of Behavioral Workflow
aimeos/ai-client-html is vulnerable to Improper enforcement of behavioral workflow. The vulnerability is due to an issue where digital downloads sold in online shops can be accessed without valid payment, for instance, if the payment process fails. This could allow attackers to obtain digital goo...
GHSA-V4G2-CM5V-CXV7 Digital products download without proper payment status check
Impact Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Patches New versions for the Aimeos HTML client 2020-2024 are available...
Digital products download without proper payment status check
Impact Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Patches New versions for the Aimeos HTML client 2020-2024 are available...
Duplicate
This advisory duplicates another...
Digital products download without proper payment status check
Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed...
40% of online shops tricking users with “dark patterns”
The European Commission has been looking at retail websites to see if they're misleading consumers with "dark patterns". Spoiler: Yes, they are. The Commission, along with the national consumer protection authorities of 23 EU member states, plus Norway and Iceland, have released the results of...
Magento < 2.0.6 - Unauthenticated Remote Code Execution
Reference source: http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/ The vulnerability CVE-2016-4010 allows an unauthenticated attacker to execute PHP code on the vulnerable Magento server. This vulnerability actually consists of many small vulnerabilities. Magento is an extremely...
Canonical to create UbuntuKylin OS for Chinese users
Canonical, the software company that manages and funds Ubuntu, announced plans to develop a new, open-source operating system customized especially for Chinese users called 'UbuntuKylin OS'. According to the BBC, the Chinese government and Canonical are partnering to launch its home-grown operating system. China...
Smart Systems restore over hacked 295 websites !
Over half of the websites whose hosting is serviced by Smart Systems have been restored. Currently, the aggregation gain with adjustment works. The server of Smart Systems was attacked by a group of hackers, which resulted in the malfunction of 295 websites on January 29. Instead o...
ASP.NET __VIEWSTATE crypto validation prone to replay attacks
Good morning, ASP.NET's extremely popular VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" including form fields, database views, etc, so that user-entered data automagically persists and is populated across newly rendered HTML, and...