5 matches found
Astra Linux - vulnerability in 389-ds-base
A flaw was discovered in RHDS 11 and RHDS 12. While browsing entries using LDAP, the system attempts to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where cockpit-389-ds is...
CVE-2024-8395 FlyCASS Cockpit Access Security System (CASS) SQL Injection
FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication...
FlyCASS SQL Injection Vulnerability
FlyCASS is a third-party web service used by FlyCASS, Inc. airlines to manage known crew plans and cockpit access security systems. FlyCASS suffers from a SQL injection vulnerability that stems from not properly filtering SQL queries and is susceptible to unauthenticated external attacks...
SQL Injection Attack on Airport Security
Interesting vulnerability: …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips. The KCM process is fairly simple: the employee uses the dedicated la...
Why hackers don’t fly coach
Physical security is relied on too heavily for cabin-based systems on the Airline Information Services Domain (AISD). Whilst the Aircraft Control Domain (ACD) is separated, there are still plenty of interesting information, data and systems that are accessible from the cabin, for those who are prepar...