EUVD-2020-23703

Malware in sbrugna...

CVE-2023-26980

PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher wil...

CVE-2023-27199

PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 allows attackers to compile a malicious shared library and use LDPRELOAD to bypass authorization checks...

CVE-2020-36128

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

CVE-2020-36127

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the...

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

The point-of-sale PoS terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to...

PAX Technology A920 Security Vulnerability

PAX Technology A920 is an Android mobile payment terminal from PAX Technology. A security vulnerability exists in PAX Technology A920 PayDroid8.1.0SagittariusV11.1.4520230314 and prior versions, which originates from the ability to bypass input validation when refreshing a specific partition, and...

PAX Technology Android based POS Security Vulnerability

PAX Technology Android based POS is a series of Android mobile payment terminals from China-based PAX Technology. A security vulnerability exists in PAX Technology Android based POS PayDroid8.1.0SagittariusV11.1.5020230614 and prior versions, which stems from a vulnerability that allows an attack...

PAX Technology Android based POS Backlink Vulnerability

PAX Technology Android based POS is a series of Android mobile payment terminals from China-based PAX Global PAX Technology. PAX Technology Android based POS PayDroid8.1.0SagittariusV11.1.5020230614 and prior versions suffer from a backlink vulnerability that originates from allowing commands to ...

CVE-2023-27199

PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 allows attackers to compile a malicious shared library and use LDPRELOAD to bypass authorization checks...

CVE-2023-27199

PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 allows attackers to compile a malicious shared library and use LDPRELOAD to bypass authorization checks...

Authorization

PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 allows attackers to compile a malicious shared library and use LDPRELOAD to bypass authorization checks...

PT-2023-21000 · Pax Technology · Pax Technology A930 Paydroid

Name of the Vulnerable Software and Affected Versions: PAX Technology A930 PayDroid version 7.1.1 Virgo V04.5.02 20220722 Description: The issue allows attackers to compile a malicious shared library and use LD PRELOAD to bypass authorization checks. This can be achieved by utilizing the LD PRELO...

CVE-2023-27199

The CVE-2023-27199 entry concerns PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722. The issue is that an attacker can compile a malicious shared library and abuse the LD_PRELOAD mechanism to bypass authorization checks. The connected documents consistently describe this bypass of author...

CVE-2023-27199

PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 allows attackers to compile a malicious shared library and use LDPRELOAD to bypass authorization checks...

PAX Technology A930 操作系统命令注入漏洞

PAX Technology A930 is an Android mobile payment terminal from PAX Technology China. A security vulnerability exists in the PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 version, which originates from allowing arbitrary commands to be executed by using the exec service and including...

CVE-2023-27199

PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 allows attackers to compile a malicious shared library and use LDPRELOAD to bypass authorization checks...

PAX Technology A930 安全漏洞

PAX Technology A930 is an Android mobile payment terminal from PAX Global PAX Technology, China. A security vulnerability exists in the PAX A930 PayDroid7.1.1VirgoV04.5.0220220722 version, which originates from a vulnerability that allows an attacker to compile malicious shared libraries and bypa...

PAX Technology A930 安全漏洞

The PAX Technology A930 is an Android mobile payment terminal from China-based PAX Technology. A security vulnerability exists in the PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 version, which originated from a vulnerability that allows an attacker to gain root access by running a...

CVE-2023-26980

PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher wil...