27 matches found
Leyka < 3.30.7.1 - Subscriber+ Sensitive Information Disclosure
Description: The plugin is vulnerable to Sensitive Information Exposure via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more...
CVE-2023-4917
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...
Design/Logic Flaw
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...
CVE-2023-4917 Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...
PT-2023-31087 · WordPress · Leyka
Name of the Vulnerable Software and Affected Versions: Leyka plugin for WordPress versions up to, and including, 3.30.3. Description: The issue allows authenticated attackers with subscriber-level permissions or above to extract sensitive data, including Sberbank API key and password, PayPal Clien...
GitHub Blocks Accounts of Two Large Russian Banks Amid US Sanctions
By Waqas. As of now, this move has mainly impacted two large banks, reportedly Sberbank and Alfa-Bank, and some individual… This is a post from HackRead.com. Read the original post: GitHub Blocks Accounts of Two Large Russian Banks Amid US Sanctions...
sberbank-uploads.chatbot.ba GDPR PII Exposure vulnerability
Open Bug Bounty ID: OBB-1146386. Security Researcher dubstard (helped patch 0 vulnerabilities, received 0 Coordinated Disclosure badges) found a security vulnerability affecting sberbank-uploads.chatbot.ba website and its users. Following coordinated and responsible vulnerability disclosure...
GPlayed's younger brother is a banker — and it's after Russian banks
This blog post is authored by Vitor Ventura. Introduction: Cisco Talos published its findings on a new Android trojan known as "GPlayed" on Oct. 11. At the time, we wrote that the trojan seemed to be in the testing stages of development, based on the malware's code patterns, strings and telemetry...
data.sberbank.ru XSS vulnerability
Open Bug Bounty ID: OBB-665815. Affected Website: data.sberbank.ru; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
sberbank.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-665230. Affected Website: sberbank.ru; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
sberbank.at XSS vulnerability
Open Bug Bounty ID: OBB-632956. Affected Website: sberbank.at; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
sberbank.at XSS vulnerability
Open Bug Bounty ID: OBB-595867. Affected Website: sberbank.at; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
sberbank-mb2.ru XSS vulnerability
Open Bug Bounty ID: OBB-586649. Affected Website: sberbank-mb2.ru; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
online.sberbankins.ru XSS vulnerability
Open Bug Bounty ID: OBB-583412. Affected Website: online.sberbankins.ru; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
online.sberbank.ru XSS vulnerability
Vulnerable URL: https://online.sberbank.ru/CSAFront/service.do?srvUrl=%27-alert%27XSSPOSED%27-%27 Details: Patched: Yes, at 11.01.2018; Latest check for patch: 11.01.2018 16:11 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown /...
Sberbank Mobile Banking - Customized SSL, MIT license, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Sberbank Mobile Banking published at the 'play' market has multiple vulnerabilities...
Sberbank Online Kazakhstan - BSD license, Customized SSL, GPL license vulnerabilities
HackApp vulnerability scanner discovered that application Sberbank Online Kazakhstan published at the 'play' market has multiple vulnerabilities...
Sberbank Online Ukraine - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Sberbank Online Ukraine published at the 'play' market has multiple vulnerabilities...
Сбербанк Онлайн - Certificates or keys found, Corrupted files, Exported components vulnerabilities
HackApp vulnerability scanner discovered that application Сбербанк Онлайн published at the 'play' market has multiple vulnerabilities...
3dsec.sberbank.ru XSS vulnerability
Vulnerable URL: https://3dsec.sberbank.ru/payment/merchants/russianitgroup/paymentru.html?returnUrl=javascript:alert'XSSPOSED' Details: Patched: Yes, at 23.10.2017; Latest check for patch: 23.10.2017 13:31 GMT; Vulnerability type: XSS; Vulnerability status: Publicly...