16 matches found
EUVD-2021-17054
Malware in sbrugna...
EUVD-2022-52824
Malicious code in bioql PyPI...
CVE-2021-30114
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege...
Stored HTML Injection inside the >>> Request payment >>> Request Customer Data Checkout >>> Request shipping address
Team, I hope you are all doing well. . I wanted to bring to your attention a potential vulnerability on the website https://mainnet.demo.btcpayserver.org/stores/6YSiuoN6q1yF2ucWZvWojBuVJAJzXxFFUn9cw8iNPPMC/payment-requests/edit/ec575d56-6b8e-41bd-8b9a-bdcda9c5daad. . During my research, I...
CVE-2022-31246
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...
CVE-2022-31246
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...
CVE-2022-31246
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...
CVE-2022-31246
Electrum ≤ 4.2.1 is affected by a vulnerability in paymentrequest.py that allows a file:// URL in the r parameter of a payment request (e.g., in QR code data). The issue can cause credential leakage on Windows via SMB and, on Linux/UNIX, denial of service by referencing the /dev/zero filename. Re...
Web-School ERP Cross-Site Request Forgery Vulnerability
Web-School ERP is a school management software for schools and educational organizations. A cross-site request forgery vulnerability exists in Web-School ERP version 5.0. An attacker can exploit this vulnerability to create a voucher payment request via module/accounting/voucher/create...
Cross site request forgery (csrf)
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege...
Coinbase: Requestor Email Disclosure via Email Notification
When a Coinbase user requests money from another coinbase user, the user that receives the request sees an email that says, in part: John Smith [email protected] sent you a request to pay 1 BTC using Coinbase. Where John Smith is the sending account's display name meaning you can make it whatever you...
Mobile payment software is now vulnerabilities hackers use Siri to steal your money-vulnerability warning-the black bar safety net
! Venmo's security holes is by the Salesforce security engineer Martin Vigo found, and this vulnerability using the“medium”is very special, Siri in this process is very unfortunately become a hackers attack our tools. The hackers have to do things very simple, he just need to ask Siri to send a...
Threat Outbreak Alert: Fake Invoice Payment Request Email Messages on February 26, 2014
Medium Alert ID: 33089 First Published: 2014 February 27 21:23 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an invoice for the recipient. The text in the email message attempts to convince the recipient to open the...
Threat Outbreak Alert: Fake Payment Request Email Messages on February 13, 2014
Medium Alert ID: 32871 First Published: 2014 February 15 02:41 GMT Version: 1 Summary Cisco Security has detected significant activity related to Spanish-language spam email messages that claim to contain a payment request notification for the recipient. The text in the email message attempts to...
Threat Outbreak Alert: Fake Payment Request Notification Email Messages on July 23, 2013
Medium Alert ID: 30181 First Published: 2013 July 23 15:47 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain payment request notification for the recipient. The text in the email message attempts to convince the recipient ...
New Mac Phishing Attack
An email which purports to relate to a recent Apple retail transaction and asks for details of any recent orders is out there. The email also carries a stuffed file. This contains an ‘exe’ file which will only launch on a Windows machine. The email reads: “We recorded a payment request from ‘Appl...