42 matches found
EUVD-2020-23703
Malware in sbrugna...
EUVD-2020-23705
Malware in sbrugna...
EUVD-2020-23702
Malware in sbrugna...
CVE-2020-36126
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user to read and write data not owned by them, including third-party users, application and payment...
PAX Technology PAXSTORE Information Disclosure Vulnerability
PAX Technology PAXSTORE is an application from China PAX PAX Inc. It is an ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An information disclosure vulnerability exists in Pax Technology PAXSTORE version v7.0.8202005111715...
Pax Technology PAXSTORE Access Control Error Vulnerability
PAX Technology PAXSTORE is an application from China PAX PAX Inc. It is an ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An access control error vulnerability exists in Pax Technology PAXSTORE version v7.0.820200511171508...
Pax Technology PAXSTORE Information Disclosure Vulnerability (CNVD-2021-34506)
PAX Technology PAXSTORE is an application from China PAX PAX Inc. It is an ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An information disclosure vulnerability exists in Pax Technology PAXSTORE version v7.0.8202005111715...
Pax Technology PAXSTORE Information Disclosure Vulnerability (CNVD-2021-34507)
PAX Technology PAXSTORE is an application from China PAX PAX Inc. It is an ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An information disclosure vulnerability exists in Pax Technology PAXSTORE version v7.0.8202005111715...
CVE-2020-36124
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user clients and administrators...
CVE-2020-36128
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...
CVE-2020-36127
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the...
CVE-2020-36125
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly...
Hardcoded credentials
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly...
Information disclosure
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the...