2170 matches found

CNVD
added 2016/04/14 12:00 a.m., 2 views

IBM Financial Transaction Manager for Corporate Payment Services Cross-Site Request Forgery Vulnerability

IBM Financial Transaction Manager for Corporate Payment Services is a financial transaction manager product that focuses on monitoring, tracking, and reporting financial payments and transactions. A cross-site request forgery vulnerability exists in IBM FTM for Corporate Payment Services on multip...

CVSS: 8, AI score: 6.9, EPSS: 0.00673
Exploits: 0, References: 1

Openbugbounty
added 2016/04/07 10:17 a.m., 11 views

codeology.braintreepayments.com XSS vulnerability

Vulnerable URL: http://codeology.braintreepayments.com/?url="
Details:
Patched: Yes, at 14.04.2016
Latest check for patch: 14.04.2016 17:10 GMT
Vulnerability type: XSS
Vulnerability status: Publicly disclosed
Alexa Rank: Unknown / Not calculated
Google Pagerank: 0
V...

AI score: 6.3
Exploits: 0

Hacker One
added 2016/04/05 10:49 a.m., 24 views

Trello: Payments informations are sent to the webhook when a team changes its visibility

If an attacker installed a webhook on a team, and the team subsequently changed its visibility from private to public, the payload sent to the webhook to notify it of the visibility change could potentially have disclosed some information that the attacker shouldn't have had access to. For paid...

AI score: 6.5
Exploits: 0

hackapp
added 2016/04/01 8:51 a.m., 10 views

payleven: mobile card payments - Customized SSL, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application payleven: mobile card payments published at the 'play' market has multiple vulnerabilities...

AI score: 0.3
Exploits: 0, References: 1, Affected Software: 1

hackapp
added 2016/04/01 8:51 a.m., 9 views

SumUp – Accept EMV payments - Certificates or keys found, Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application SumUp – Accept EMV payments published at the 'play' market has multiple vulnerabilities...

AI score: 0.5
Exploits: 0, References: 1, Affected Software: 1

Hacker One
added 2016/03/29 10:02 p.m., 21 views

Coinbase: Sending payments via QR code does not require confirmation

Coinbase pushed out a feature whereby scanning a QR code inside the Coinbase Mobile app would complete payments under 0.1BTC without further confirmation. Upon reviewing this report and further consideration of the possible security implications of this feature, it was reverted. This issue has a...

AI score: 6.9
Exploits: 0

BDU FSTEC
added 2015/11/05 12:00 a.m., 6 views

The vulnerability of the Oracle E-Business Suite system’s automation activities allows a perpetrator to gain access to Oracle Payments or execute arbitrary code.

The vulnerability of the Oracle Payments component in the Oracle E-Business Suite automation system is related to code errors. Exploiting this vulnerability can allow a malicious actor to gain access to Oracle Payments or execute arbitrary code...

CVSS: 6.8, AI score: 7.6, EPSS: 0.03088
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2015/10/21 11:59 p.m., 22 views

CVE-2015-4849

Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Punch-in. NOTE: the previous information is from the...

CVSS: 6.8, AI score: 5.9, EPSS: 0.03088
Exploits: 0, References: 7

CVE
added 2015/10/21 11:00 p.m., 61 views

CVE-2015-4849

CVE-2015-4849 corresponds to an XXE injection vulnerability in Oracle E-Business Suite’s Punch-in path. The ERPScan advisory (ERPSCAN-15-029) and related sources indicate: affected product/version is Oracle E‑Business Suite 12.1.3 (likely others); vulnerable component is the Punch‑in servlet at /...

CVSS: 6.8, AI score: 6, EPSS: 0.03088
Exploits: 0, References: 7, Affected Software: 1

Tenable Nessus
added 2015/10/21 12:00 a.m., 61 views

Oracle E-Business Multiple Vulnerabilities (October 2015 CPU)

The version of Oracle E-Business installed on the remote host is missing the October 2015 Oracle Critical Patch Update (CPU). It is, therefore, affected by vulnerabilities in the following components: - An unspecified flaw exists in the Online Patching subcomponent in the Applications DBA. An...

CVSS: 10, AI score: 7.5, EPSS: 0.03871
Exploits: 0, References: 13

The Coalfire Blog
added 2015/10/08 3:32 p.m., 13 views

Report from the PCI SSC North American Community Meeting

The Payment Card Industry Security Standards Council held their 2015 North American Community Meeting this year in Vancouver, BC, from September 29 - October 1. Coalfire was well represented at the meeting, with Dan Fritsche, Managing Director, Application Security, making two presentations at th...

AI score: 0.6
Exploits: 0

Hacker One
added 2015/10/05 9:22 p.m., 16 views

Shopify: Accessing Payments page and adding payment methods with limited access accounts

Users with the Orders permission were allowed to see the store's payment gateway information. This page should have been restricted to users with the Settings permission only. Using this vulnerability a User with limited access/ No access to Settings could add/alter/change Payment settings while...

AI score: 3.8
Exploits: 0

BDU FSTEC
added 2015/10/02 12:00 a.m., 6 views

The vulnerability of the iOS operating system allows a perpetrator to gain access to sensitive information about ongoing payments.

The vulnerability of the Apple Pay component in the iOS operating system is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, acting remotely, to gain access to sensitive information about ongoing payments by reviewing log files...

CVSS: 4.3, AI score: 5.4, EPSS: 0.01533
Exploits: 0, References: 3, Affected Software: 1

Cisco Threats
added 2015/09/02 8:31 p.m., 11 views

Threat Outbreak Alert RuleID17700: Email Messages Distributing Malicious Software on September 2, 2015

Medium Alert ID: 40822 First Published: 2015 September 2 20:31 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17700 may contain the following files: Name |...

AI score: 0.4
Exploits: 0

The Hacker News
added 2015/07/02 7:51 p.m., 20 views

Let's Take a Selfie to Shop Online With MasterCard

Difficulty in remembering complicated Passwords? Forget Passwords and Fingerprints now – and get ready to authenticate your online purchases with your SELFIES. MasterCard is experimenting with a new app that would let you make online purchases by taking a selfie rather than typing a password, moving a...

AI score: 6.7
Exploits: 0

NVD
added 2015/04/21 6:59 p.m., 23 views

CVE-2015-3388

Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors...

CVSS: 5.8, AI score: 7.2, EPSS: 0.00649
Exploits: 0, References: 3

NVD
added 2015/04/21 6:59 p.m., 22 views

CVE-2015-3384

Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVSS: 3.5, AI score: 5.2, EPSS: 0.00954
Exploits: 0, References: 3

Prion
added 2015/04/21 6:59 p.m., 12 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors...

CVSS: 5.8, AI score: 7.7, EPSS: 0.00649
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2015/04/21 6:59 p.m., 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVSS: 3.5, AI score: 5.7, EPSS: 0.00954
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2015/04/21 6:00 p.m., 30 views

CVE-2015-3388

Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors...

AI score: 7.2, EPSS: 0.00649
Exploits: 0, References: 3