Cross-site Request Forgery (CSRF)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the admin/save.json.php process. An attacker can modify sensitive plugin configurations, such as payment processor credentials o...
GHSA-FXC9-7J2W-VX54 mpp has multiple payment bypass and griefing vulnerabilities
Impact: Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: performing free tempo/charge requests; replaying existing tempo/charge requests; performing free tempo/session requests; piggybacking off existing tempo/session channels; griefing existing...
How Cryptocurrency Turns to Cash in Russian Banks
A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this...
CVE-2024-45401 stripe-cli Path Traversal vulnerability
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
My wife, no stranger to weird types of scams, recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There w...
FTC tackles tech support scams by chasing payment processor firms
A multinational payment processing company and two of its executives are facing a potential $650k fine as a result of allegedly processing credit card payments for tech support scammers. While this fine isn't exactly massive in comparison to some of the privacy breaches and other incidents seen do...
Anonymous NB65 Claims Hack on Russian Payment Processor Qiwi
By Waqas. The Anonymous-affiliated Network Battalion (aka NB65) group has allegedly targeted a Russian payment processing platform Qiwi and… This is a post from HackRead.com.
Euronet Worldwide: Speedy, Global Response to Threats Reduces Risk
After years of using manual processes and systems to manage its IT inventory and track vulnerabilities, racking up costs, and increasing the complexity of asset and vulnerability management, Euronet Worldwide needed a way to get a single, accurate and timely view of risk exposure at the group...
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
✍️ Description: Accept Bitcoin payments. Free, open-source & self-hosted Bitcoin payment processor. This package is vulnerable to XSS. 🕵️‍♂️ Proof of Concept. 💥 Impact: This vulnerability is capable of XSS...
BTCPay Server Cross-Site Scripting Vulnerability (CNVD-2021-34111)
BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. A cross-site scripting vulnerability exists in BTCPay Server version 1.0.7.0 and prior versions, which stems from a weak method Next to generate pseudo-random values to generat...
BTCPay Server Path Traversal Vulnerability
BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. A path traversal vulnerability exists in BTCPay Server version 1.0.7.0 and prior versions, which arises from a failure of a networked system or product to properly filter speci...
BTCPay Server Information Disclosure Vulnerability
BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. An information disclosure vulnerability exists in BTCPay Server versions prior to 1.0.6.0 that stems from a privacy vulnerability when using the payment button. No details of t...
Unspecified Vulnerability in BTCPay Server
BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. A security vulnerability exists in BTCPay Server versions prior to 1.0.7.1, which stems from incorrectly handling policy settings that allow users to register. No details of th...
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass Vulnerability
Exploit for php platform in category web applications. Title: Payment bypass; Product: WordPress NAB Transact WooCommerce Plugin; Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/; Vulnerable Version: 2.1.0; Fixed Version: 2.1.2; CVE Number: CVE-2020-11497; Author: Jack Misiura...
Enterprise Edition Payment Processor Script 3.7 - SQL Injection
Exploit Title: Enterprise Edition Payment Processor Script 3.7 - SQL Injection; Dork: N/A; Date: 14.09.2017; Vendor Homepage: https://www.goterhosting.com/; Software Link: https://www.goterhosting.com/payment-processor-script.php; Demo:...
Fraudulent Donations Lead to Disbanding of Hutchins Legal Defense Fund
A legal defense fund established to ease Marcus Hutchins’ attorney costs has been disbanded after a sizable number of fraudulent donations were discovered. Hutchins, known as Malware Tech, is facing six counts for his alleged involvement in creating and distributing the Kronos banking malware. Th...
Attack on FIS More Widespread Than Reported
A previously reported attack against Fidelity National Information Services (FIS) two years ago was actually much more widespread than initially reported, according to a document released to banks from the FDIC late last month. Compounding matters, as of the FDIC’s audit, FIS had not taken the...
Liberty Reserve founder arrested for money laundering, service closed down
Liberty Reserve, a payment processor similar to PayPal, was down on Saturday after the founder of Liberty Reserve, Arthur Budovsky Belanchuk, 39, was reportedly arrested on Friday in Spain by Costa Rican authorities after they raided the suspect's home and offices in San José and Heredia. Mr...
Heartland Data Breach Suit Back from the Dead
For all intents and purposes, the Heartland Payment Systems data breach saga ended more than two years ago when the embattled payment processor finalized settlements paying out millions of dollars to various banks, credit card issuers and consumers. That is until a handful of banks reportedly...
Claims Of Attack On Visa, Mastercard Fizzle
One day after a hacker using the handle “Reckz0r” claims to have infiltrated 79 different banks and leaked information allegedly belonging to Visa and MasterCard customers, there are questions about whether a hack actually occurred. According to a post yesterday on Pastebin, the hacker Reckz0r...