19 matches found
CVE-2026-2010
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...
CVE-2026-2010
CVE-2026-2010 affects Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. The vulnerability resides in the Paid function of TradePaymentService.java (path: publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java) and is due to manipulation...
MAL-2025-49351 Malicious code in @isv-occ-payment/occ-payment-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6435cd052d81a7abf539cf06234ea4e9bb102c08202d0a6856c46e4826e02ab The package @isv-occ-payment/occ-payment-service was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-37737
Malicious code in @isv-occ-payment/occ-payment-service npm...
MAL-2025-28944 Malicious code in payment_service_client (npm)
The package payment_service_client was found to contain malicious code...
Malicious code in payment_service_client (npm)
The package payment_service_client was found to contain malicious code...
Malicious code in seller-payment-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d44757e327bb3b799c0a57420dbf4938d8f03a1760165d355556e598227605e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10804 Malicious code in seller-payment-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d44757e327bb3b799c0a57420dbf4938d8f03a1760165d355556e598227605e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in Easy.Abp.PaymentService.Domain.Shared (NuGet)
--- -= Per source details. Do not edit below this line.=-...
PCI DSS 4.0.1: New Clarifications on Client-Side Security – What You Need to Know
As a leading provider of web application and API security solutions, Imperva is committed to helping merchants, payment processors, and anyone seeking to comply with the latest PCI DSS requirements. We previously discussed the changes introduced in PCI DSS 4.0. This blog will cover the...
MAL-2022-5824 Malicious code in rn-amazon-payment-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 55dc607d7f550e21e91f6f04e1b1aed4b17e87f68d49c8f20d4fd3f413cbcc5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in rn-amazon-payment-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 55dc607d7f550e21e91f6f04e1b1aed4b17e87f68d49c8f20d4fd3f413cbcc5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
HackerOne: A small set of users were assigned someone else's payout preference
On December 20th, 2016, HackerOne introduced a new payout preference that allowed employee bounties to be paid through payroll. At the time, a feature was added to our support backend that allowed the IT department to provision this special payout preference for HackerOne employees. To help the I...
Sagepay - Critical - Access Bypass - SA-CONTRIB-2018-005
This module integrates the Sagepay payment service. Some of the URLs used while processing the payment are not sufficiently secured. This might allow attackers to resume a previously failed payment attempt or to view content that should only be shown after a successful payment. This affects all...
Tinba Variant Spotted Targeting Russian, Japanese Banks
Cybercriminals behind the Tinba banking Trojan have been homing in on some of the larger banks in Russia and Japan, experts claim. According to researchers with Dell SecureWorks, who looked at an instance of the malware last month, configuration files in one variant are targeting one of the...
Novalnet Payment Module Drupal Commerce - Critical - SQL Injection - Unsupported - SA-CONTRIB-2015-117
This module enables you to add the Novalnet payment service provider to Drupal Commerce. The module fails to sanitize a database query by not using the database API properly, thereby leading to a SQL Injection vulnerability. Since the affected path is not protected against CSRF, a malicious user can...
PayPal Inc BB #42 - Persistent POST Inject Vulnerability
Document Title: =============== PayPal Inc BB 42 - Persistent POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=801 PayPal Security UID: kxy1ea5ech Release Date: ============= 2013-11-17 Vulnerability Laboratory ID VL-ID:...
[Full-disclosure] Alibaba Alipay Remote Code Execute Vulnerability-0DAY
Alibaba Alipay Remote Code Execute Vulnerability by cocoruderfrankruderathotmail.com http://ruder.cdut.;et Summary: Alipay is China’s leading online payment service, and a division of Alibaba.com. It enables individuals and businesses to securely, easily and quickly send and receive payments...
VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE
VERISIGN PAYFLOW PAYMENT SERVICE SECURITY FAILURE PAYFLOW LINK SERVICE DESCRIPTION: The final checkout page of various online shopping cart applications presents the shopper with a form asking for credit card acct, exp date, etc. When the shopper submits the form, the data is sent directly to the...