13 matches found
EUVD-2023-46596
Malicious code in bioql PyPI...
EUVD-2023-46593
Malicious code in bioql PyPI...
CVE-2023-42133
The CVE-2023-42133 issue affects PAX Android based POS devices. The vulnerability allows escalation of privilege via improperly configured scripts in the PayDroid runtime, requiring shell access with system account privileges to exploit. A firmware patch addressing this vulnerability is included ...
CVE-2023-42133
PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version...
Cyber Signals: Inside the growing risk of gift card fraud
In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank...
CVE-2023-42134
PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.4520230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability...
CVE-2023-42136
PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this...
CVE-2023-42134
CVE-2023-42134 and CVE-2023-42135 affect PAX Android PoS devices (e.g., A920Pro/A50) and enable local code execution as root via kernel parameter injection in fastboot on affected PayDroid builds before 20230614; CVE-2023-42136 and CVE-2023-42137 enable privilege escalation via shell injection in...
CVE-2023-3656
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network...
Code injection
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database system settings, user accounts,.... This vulnerability can be triggered by an HTTP endpoint exposed to the...
CVE-2023-3654
CVE-2023-3654 affects cashIT! devices from PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH up to version 2023.02.37. The issue is an origin bypass via the HTTP Host header, triggered by an HTTP endpoint exposed to the network. The root cause is a host-header-based origin check bypass, enabling u...
Grocery Stores 'Supervalu' and 'Albertsons' Hacked for Credit Card Data
Albertson’s and SuperValu - Two nation’s most popular supermarket store chains announced last weekend that a data breach may have revealed the credit and debit card information of their customers at a number of grocery store locations in more than 18 states. Minnesota-based Supervalu announced...
Soraya Malware Packs Form Grabbing, Memory Scraping Functionality
Malware capable of infecting point-of-sale devices once was a novelty, but it’s quickly becoming more common. Researchers at Arbor Networks have unearthed a new strain of PoS malware called Soraya that can scrape memory and has the ability to intercept information sent from Web forms, a specialty...