Friday Squid Blogging: Squid and Efficient Solar Tech
Researchers are trying to use squid color-changing biochemistry for solar tech. This appears to be new and related research to a 2019 squid post. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...
The vulnerability in the Microprogramming Software of the Wiren Board controller lies in the absence of authentication when changing access rights, allowing attackers to escalate their privileges.
The vulnerability of the Microprogramming Software of the Wiren Board controller is related to the absence of authentication mechanisms for changing access rights. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the absence of CSRF token validation. An attacker can compromise account settings and data integrity by crafting malicious requests that can trigger state-changing operations on behalf of an...
CVE-2024-0392
A Cross-Site Request Forgery CSRF vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user,...
CVE-2024-0392
CVE-2024-0392 describes a CSRF vulnerability in the management console of WSO2 Enterprise Integrator 6.6.0 caused by the absence of CSRF token validation. The vulnerability can enable an attacker to trigger certain state-changing operations on behalf of an authenticated user via crafted requests,...
CVE-2024-3083
A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...
Cross-Site Request Forgery (CSRF)
typo3/cms-beuser is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to improper handling of state-changing actions in downstream components, where HTTP GET submissions are incorrectly accepted instead of enforcing the appropriate HTTP method. Misconfigurations, such as...
CVE-2024-12838
The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators...
CVE-2024-12838 Changing Information Technology CGFIDO - Authentication Bypass
The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators...
CHANGING CGFIDO Security Vulnerability
CHANGING CGFIDO is a passwordless authentication system from China-based CHANGING. A security vulnerability exists in CHANGING CGFIDO versions 0.0.1 through 1.1.0, which originates from an authentication bypass vulnerability in the passwordless login mechanism that allows a remote attacker with...
PT-2024-17758 · Changing Information Technology · Cgfido
Name of the Vulnerable Software and Affected Versions: CGFIDO affected versions not specified Description: The login mechanism via device authentication of CGFIDO from Changing Information Technology has an authentication bypass issue. If a user visits a forged website, the agent program deployed...
SecureSTATION Security Vulnerability
SecureSTATION is an application from SecureSTATION, Inc. A security vulnerability exists in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and prior versions, which stems from the presence of an insecure privilege vulnerability that allows a physically proximate attacker to obtain sensitive...
WordPress plugin 畅言评论系统 (Changyan Comment System) Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-48846 Cross Site Request Forgery, CSRF
Cross Site Request Forgery vulnerabilities were found, providing a potential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
UBUNTU-CVE-2024-45608
GLPI is a free asset and IT management software package. An authenticated user can perform a SQL injection by changing their preferences. Upgrade to 10.0.17...
GLPI SQL Injection Vulnerability
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...
Exploit for Incorrect Default Permissions in Google Android
CVE-2022-20474 Analysis - Self-changed Bundle under LazyValue...
CVE-2024-50252 mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address The device stores IPv6 addresses that are used for encapsulation in linear memory that is managed by the driver. Changing the remote address of an ip6gre net...
CVE-2024-10653
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server...