CVE-2019-11334

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources that are not otherwise accessible without proper authentication via capture-replay. Physically proximate attackers can use this informatio...

CVE-2019-11334

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources that are not otherwise accessible without proper authentication via capture-replay. Physically proximate attackers can use this informatio...

CVE-2019-11334

The CVE-2019-11334 issue is an authentication bypass in the Tzumi Electronics Klic Lock ecosystem. The vulnerability affects the Klic Lock mobile app (version 1.0.9) and the Klic Smart Padlock (Firmware 6.2). Attackers can exploit capture-replay of website POST requests to access resources that s...

PT-2019-12246 · Tzumi Electronics · Klic Lock +1

Name of the Vulnerable Software and Affected Versions: Tzumi Electronics Klic Lock application version 1.0.9 Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2 Description: The issue allows attackers to bypass authentication in website post requests, enabling them to access resources th...

Malicious Package

grunt-radic contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

grunt-radical contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

jekyll-for-github-projects contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

leaflet-gpx contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

angular-location-update contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

ember-power-timepicker contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

geoheat contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

github-jquery-widgets contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

libubx contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

motiv.scss contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

vue-backbone contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

mx-nested-menu contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

react-datepicker-plus contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

ngx-pica contains malicious code. The code when executed in the browser will capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Magecart skimmers found on Amazon CloudFront CDN

Update 06-08-2019: The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official NBA.com website. The skimmer was inserted in this JavaScript library:...

PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram

PcapXray is a Network Forensics Tool To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction. PcapXray Design Specification Goal: Given a Pcap File, plot a network diagram displaying hosts in the network,...