4 matches found
CVE-2012-4482
The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors...
AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure
The plugin discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked. PoC: See the disclosed secret key in includes/pro.php...
Anyone can use funds in GroupBuy.sol to buy the NFTs for themselves
Vulnerability details: The GroupBuy contract allows users to pool their funds in order to buy specific NFTs once enough funds have been raised. The purchase function does not do any caller authorization and allows the caller to pass in an arbitrary address for executing the buy. The...
GitLab: Stealing data from customers.gitlab.com without user interaction
Summary: An attacker can link her own customers.gitlab.com account to that of the victim, which gives access to 3 different vulnerabilities: - destroying subscriptions of the victim - buying new subscriptions using the victim's credit card for her own groups - some minor information disclosure abo...