10 matches found
CVE-2025-30073
An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment, the first or all transactions with the same reference are completed, depending on timing. This can be used to transfer more money onto employee card...
Royalty Payment Invariant Violation
Lines of code Vulnerability details Impact The vulnerability in the payment mechanism of the smart contract significantly impacts the protocol's functionality. The root cause of the vulnerability is that, despite the README stating an invariant that "Payments can only be made when royalties are...
ASB-A-268038643
In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no addition...
CVE-2021-23178
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead...
Malicious callers can replay change orders
Lines of code Vulnerability details Unlike some of the other signature based operations in the Rigor system, change order signatures do not include a nonce and are vulnerable to replay attacks. A number of exploits are possible using replayed change orders, including subcontractors extracting...
Visma Public: Missing authorization allows sales only user to record payment.
The researcher has found a missing authorization issue that allowed a sales only user to record payments that he was not supposed to...
CardGate < 3.1.16 - Unauthorised Payments Hijacking and Order Status Spoofing
Lack of origin authentication (CWE-346) in the IPN callback processing function allows even an unauthorized attacker to remotely replace critical plugin settings (merchant id, secret key, etc.) with values known to them and therefore bypass the payment process, e.g. spoof order status by manually sending IPN callback reques...
CardGate < 3.1.16 - Unauthorised Payments Hijacking and Order Status Spoofing
Lack of origin authentication (CWE-346) in the IPN callback processing function allows even an unauthorized attacker to remotely replace critical plugin settings (merchant id, secret key, etc.) with values known to them and therefore bypass the payment process, e.g. spoof order status by manually sending IPN callback reques...
QIWI: Somehow received someone else's payment into my piggy bank https://qiwi.me/undefined
I registered the piggy bank https://qiwi.me/undefined. I chose this name deliberately; amusing bugs sometimes happen with it. After some time, random payments from unknown users started arriving...
Half Million Chinese Android Devices got infected with SMSZombie
The amount of malware crafted and aimed at Android devices is ever-increasing. With Android being the most popular platform for smartphones and tablets around the world, Android users have become the low-hanging fruit when it comes to writing malware by the nefarious users. A new Android threat h...