2170 matches found
IBM Financial Transaction Manager for Corporate Payment Services Cross-Site Request Forgery Vulnerability
IBM Financial Transaction Manager for Corporate Payment Services is a financial transaction manager product that focuses on monitoring, tracking, and reporting financial payments and transactions. A cross-site request forgery vulnerability exists in IBM FTM for Corporate Payment Services on multip...
codeology.braintreepayments.com XSS vulnerability
Vulnerable URL: http://codeology.braintreepayments.com/?url="

Details:

Description | Value
---|---
Patched: | Yes, at 14.04.2016
Latest check for patch: | 14.04.2016 17:10 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
Google Pagerank | 0

V...
Trello: Payments informations are sent to the webhook when a team changes its visibility
If an attacker installed a webhook on a team, and the team subsequently changed its visibility from private to public, the payload sent to the webhook to notify it of the visibility change could potentially have disclosed some information that the attacker shouldn't have had access to. For paid...
payleven: mobile card payments - Customized SSL, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application payleven: mobile card payments published at the 'play' market has multiple vulnerabilities...
SumUp – Accept EMV payments - Certificates or keys found, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application SumUp – Accept EMV payments published at the 'play' market has multiple vulnerabilities...
Coinbase: Sending payments via QR code does not require confirmation
Coinbase pushed out a feature whereby scanning a QR code inside the Coinbase Mobile app would complete payments under 0.1BTC without further confirmation. Upon reviewing this report and further consideration of the possible security implications of this feature, it was reverted. This issue has a...
The vulnerability of the Oracle E-Business Suite system’s automation activities allows a perpetrator to gain access to Oracle Payments or execute arbitrary code.
The vulnerability of the Oracle Payments component in the Oracle E-Business Suite automation system is related to code errors. Exploiting this vulnerability can allow a malicious actor to gain access to Oracle Payments or execute arbitrary code...
CVE-2015-4849
Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Punch-in. NOTE: the previous information is from the...
CVE-2015-4849
CVE-2015-4849 corresponds to an XXE injection vulnerability in Oracle E-Business Suite’s Punch-in path. The ERPScan advisory (ERPSCAN-15-029) and related sources indicate: affected product/version is Oracle E‑Business Suite 12.1.3 (likely others); vulnerable component is the Punch‑in servlet at /...
Oracle E-Business Multiple Vulnerabilities (October 2015 CPU)
The version of Oracle E-Business installed on the remote host is missing the October 2015 Oracle Critical Patch Update (CPU). It is, therefore, affected by vulnerabilities in the following components: - An unspecified flaw exists in the Online Patching subcomponent in the Applications DBA. An...
Report from the PCI SSC North American Community Meeting
The Payment Card Industry Security Standards Council held their 2015 North American Community Meeting this year in Vancouver, BC, from September 29 - October 1. Coalfire was well represented at the meeting, with Dan Fritsche, Managing Director, Application Security, making two presentations at th...
Shopify: Accessing Payments page and adding payment methods with limited access accounts
Users with the Orders permission were allowed to see the store's payment gateway information. This page should have been restricted to users with the Settings permission only. Using this vulnerability, a user with limited access / no access to Settings could add/alter/change payment settings while...
The vulnerability of the iOS operating system allows a perpetrator to gain access to sensitive information about ongoing payments.
The vulnerability of the Apple Pay component in the iOS operating system is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, acting remotely, to gain access to sensitive information about ongoing payments by reviewing log files...
Threat Outbreak Alert RuleID17700: Email Messages Distributing Malicious Software on September 2, 2015
Medium; Alert ID: 40822; First Published: 2015 September 2 20:31 GMT; Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID17700) may contain the following files: Name |...
Let's Take a Selfie to Shop Online With MasterCard
Difficulty in remembering complicated passwords? Forget passwords and fingerprints now – and get ready to authenticate your online purchases with your selfies. MasterCard is experimenting with a new app that would let you make online purchases by taking a selfie rather than typing a password, moving a...
CVE-2015-3388
Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors...
CVE-2015-3384
Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...