CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/06/20 8:24 p.m.•6 views

MAL-2022-4316 Malicious code in lint-config-qiwi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82e79286ad9f157e9ada13b80515e00e1ad6d6c2ba5ef082e276af3e9da6d390 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2022/06/20 8:24 p.m.•2 views

Malicious code in lint-config-qiwi (npm)

OSV•added 2022/06/20 8:22 p.m.•5 views

MAL-2022-5545 Malicious code in qiwi-widget-charaty (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a78b0c9fcd77b11b47fed981677c01865959da4f8757b33d6c1c746474a0736 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2022/06/20 8:22 p.m.•3 views

Malicious code in qiwi-widget-charaty (npm)

OSSF Malicious Packages•added 2022/06/20 8:22 p.m.•3 views

Malicious code in qiwi-neutrino-presets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59e4a8fc84ca3e47ea1f2c922d62dd3b6d56b96f82d379dc7e86dc36cb06b5b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2022/06/20 8:22 p.m.•3 views

Malicious code in qiwi-substrate-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc244b702c1e5c4fb1122683ac5e3f9f514f35c8a21511e6b11fd6a07e41beac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2022/06/20 8:22 p.m.•6 views

MAL-2022-5543 Malicious code in qiwi-neutrino-presets (npm)

OSV•added 2022/06/20 8:22 p.m.•5 views

MAL-2022-5544 Malicious code in qiwi-substrate-monorepo (npm)

OSV•added 2022/06/20 8:22 p.m.•8 views

MAL-2022-5546 Malicious code in qiwi-widgets-landing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5918b2e5d3410ab7cb968a3b16aef1baba54bbccdea5db15edf8b8ea63f0229f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2022/06/20 8:22 p.m.•3 views

Malicious code in qiwi-widgets-landing (npm)

OSV•added 2022/06/20 8:13 p.m.•8 views

MAL-2022-548 Malicious code in @qw-app/qiwi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c155b13c781455ed315769d135fb47f202b74b7182e1d422180dbd3796d77584 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

HackRead•added 2022/05/08 11:49 p.m.•15 views

Anonymous NB65 Claims Hack on Russian Payment Processor Qiwi

By Waqas The Anonymous affiliated Network Battalion aka NB65 group has allegedly targeted a Russian payment processing platform Qiwi and… This is a post from HackRead.com Read the original post: Anonymous NB65 Claims Hack on Russian Payment Processor Qiwi...

1.8AI score

Hacker One•added 2021/12/07 4:45 p.m.•13 views

QIWI: disclosing clients' secret keys https://stage-uapi.tochka.com:2000/

The reporter has found an open URL on a staging server leaking client IDs and client secrets used in oauth2...

Hacker One•added 2021/11/16 6:58 p.m.•27 views

QIWI: broken authentication (password reset link not expire after use in https://network.tochka.com/sign-up)

target :-https://network.tochka.com/ bug:-- Broken Authentication Password Reset Link Not Expired After Use severity:- medium“Insufficient Security Configurability Weak Reset Password Implementation Token Not Invalidated After Use” Steps To Find This Bug: 1.Go to https://network.tochka.com/sign-u...

0.7AI score

Hacker One•added 2021/10/24 9:39 p.m.•24 views

QIWI: account takeover through password reset in url https://reklama.tochka.com/

Steps to reproduce 1- Create an account 2- visit this url https://reklama.tochka.com/mainpage1/recover/ 2- Enter your email and intercept the response to the request that recovers your password you will notice that it looks like this HTTP/1.1 200 OK Server: nginx Date: Sun, 24 Oct 2021 21:32:20 G...

0.3AI score

Hacker One•added 2021/05/22 4:1 a.m.•14 views

QIWI: account impersonate through broken link

hi team, hope you are good, A link in qiwi.com was broken and anyone could create that account which leads to account impersonate poc:- F1310817 Steps To Reproduce 1 Visit https://qiwi.com/sm 2 the link will redirect you to http://unbouncepages.com/savemyphone/ which is throwing a error "The...

1.4AI score

Patchstack•added 2021/04/16 12:0 a.m.•19 views

WordPress QIWI for WooCommerce plugin <= 0.0.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Frank Liauw in WordPress QIWI for WooCommerce plugin versions = 0.0.9. Solution This plugin has been closed as of April 12, 2021 and is not available for download. This closure is temporary, pending a full review...

3AI score0.01803EPSS

Exploits2References2Affected Software1

Hacker One•added 2021/04/07 12:36 a.m.•86 views

QIWI: SSRF на https://qiwi.com с помощью "Prerender HAR Capturer"

Здравствуйте! На сайте https://qiwi.com вы используете Prerender HAR Capturer 5.6.0 на основе Headless Chrome для рендеринга HTML, снимков экрана, PDF-файлов и файлов HAR с любой веб-страницы https://github.com/prerender/prerender. Если на qiwi.com послать запрос с измененным юзер-агентом...