29 matches found
EUVD-2026-9018
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidywebhookpermissioncheck function that unconditionally returns true when the webhook signature header is omitted...
EUVD-2020-6127
Malware in sbrugna...
EUVD-2016-0243
Malware in sbrugna...
EUVD-2022-2225
Malicious code in bioql PyPI...
twisted.web has disordered HTTP pipeline response
Summary: The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. PoC: 0. Start a fresh Debian container: docker run --workdir /repro --rm -it debian:bookworm-slim 1. Install twisted and its dependencies...
autohooks-plugin-pdoc (>=0.1.1 <=0.1.2), bond-order-processing (=1.0.3) +20 more potentially affected by CVE-2024-38526 via pdoc (>=0.3.2 <=14.5.0)
pdoc PYPI version =0.3.2, =0.1.1, =1.0.0, =0.9.3, =0.0.7, =2.5.7, =0.1.1, =0.4.5, =0.2.0, =0.3.0, =0.1.0, =0.1.1 and more Source cves: CVE-2024-38526 Source advisory: OSV:GHSA-5VGJ-GGM4-FG62...
[WP-H1] OrderFulfiller.sol#_applyFractionsAndTransferEach() Orders with offerItem.itemType == ItemType.NATIVE are not processed properly
Lines of code Vulnerability details // Reduce available value if offer spent ETH or a native token. if offerItem.itemType == ItemType.NATIVE // Ensure that sufficient native tokens are still available. if amount etherRemaining revert InsufficientEtherSupplied; // Skip underflow check as a...
GHSA-3PGC-7JF3-5X5G Magento 2 Community Edition IDOR Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details...
Magento 2 Community Edition IDOR Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details...
MartDevelopers Order Processing Mis Cross-Site Scripting Vulnerability
MartDevelopers Order Processing Mis is a lightweight order processing Mis prototype from MartDevelopers Kenya. A cross-site scripting vulnerability exists in MartDevelopers Order Processing Mis version 1.0, which can be exploited by an attacker to execute malicious HTML code via a registration fo...
Order Processing MIS Cross-Site Scripting Vulnerability
Order Processing MIS is iOrder's lightweight prototype for an order processing MIS. Order Processing MIS suffers from a cross-site scripting vulnerability that stems from the software's lack of filtering and escaping of user-submitted data. This vulnerability can be exploited by remote attackers ...
COVID-19 Antigen Firm Hit by Malware Attack
Over the past two weeks, global biotech firm Miltenyi has been battling a malware attack on its IT infrastructure, the company said in a recent disclosure to its customers. Miltenyi, which has been working on treatments for COVID-19, is still wrestling with phone and email communications in the...
Apache OFBiz Input Validation Error Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a complete set of Java-based Web application components and tools. A security vulnerability exists in the order processing functionality of the commerce...
CVE-2020-13923
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04...
Security feature bypass
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04...
CVE-2019-0386
Order processing in SAP ERP Sales (corrected in SAPAPPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges...
Authorization
Order processing in SAP ERP Sales (corrected in SAPAPPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges...
CVE-2019-7890
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details...