PayPal scam abuses Docusign API to spread phishy emails

PayPal scammers are using an old Docusign trick to enhance the trustworthiness of their phishing emails. We've received several reports of this recently, so we dug into how the scam works. The Docusign Application Programming Interface API allows “customers” to send emails that come from genuine...

CVE-2024-47089

Affected software: Apex Softcell LD Geo. Vulnerability: Improper validation of the transaction token ID in the API endpoint, enabling an authenticated remote attacker to manipulate the token ID and access/modify transactions belonging to other users. Impact: Unauthorized access and modification o...

CVE-2022-41268

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAPBW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized...

CVE-2022-41268

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAPBW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized...

CVE-2022-41268

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAPBW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized...

PT-2022-25779 · Sap · Sap Business Planning/Consolidation +3

Name of the Vulnerable Software and Affected Versions: SAP Business Planning and Consolidation versions SAP BW 750 through 757, DWCORE 200 through 300, CPMBPC 810 Description: The issue concerns the use of a transaction code reserved for the customer in some SAP standard roles. This could allow a...

CVE-2022-36058

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks historical or actual could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality li...

Code injection

In some SAP standard roles, in SAPABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality...

CVE-2018-2481

In some SAP standard roles, in SAPABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality...

CVE-2018-2481

CVE-2018-2481 affects SAP_ABA components across SAP_ABA releases 7.00–7.02, 7.10–7.11, 7.30, 7.31, 7.40, 7.50 and 75C–75D. Description: a transaction code reserved for customers can be used to perform unauthorized transaction functionality by a malicious user, enabling elevation of privileges in ...

CVE-2018-2481

In some SAP standard roles, in SAPABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality...

SA-CONTRIB-2014-050 - Commerce Postfinance ePayment - Access Bypass

The Commerce Postfinance ePayment module provides commerce payment methods for the Postfinance e-Payment service provider. The module doesn't sufficiently validate incoming payment notification IPN messages. Sending a specifically crafted IPN message to an affected site allows an attacker to crea...