PT-2024-23082 · Unknown · Evolution Controller
Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.x Description: The issue concerns default credentials on the Web Interface of the affected software, allowing unauthorized access to perform administrative functions. Upon installation or first login, the...
PT-2024-23079
Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below Description: The issue concerns poorly configured access control on DESKTOP EDIT USER GET KEYS FIELDS in the Web interface, allowing an unauthenticated attacker to return the keys valu...
PT-2024-23081 · Unknown · Evolution Controller
Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below Description: The Web interface of Evolution Controller contains poorly configured access control on the "MOBILE GET USERS LIST" endpoint, allowing an unauthenticated attacker to...
PT-2024-23078
Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below Description: The issue concerns poorly configured access control on the DESKTOP EDIT USER GET PIN FIELDS endpoint, allowing an unauthenticated attacker to retrieve the pin value of any...
PT-2024-23073
Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below Description: The Web interface of Evolution Controller contains poorly configured access control, allowing an unauthenticated attacker to update and add user profiles within the...
PT-2024-23080
Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below Description: The issue concerns poorly configured access control on the DESKTOP EDIT USER GET ABACARD FIELDS endpoint, allowing an unauthenticated attacker to return the abacard field ...
PT-2024-23076
Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below Description: The Web interface of Evolution Controller contains poorly configured access control on the DESKTOP EDIT USER GET CARD endpoint, allowing an unauthenticated attacker to...
DirectCyber Evolution Controller security vulnerability
DirectCyber Evolution Controller is access control controller software from DirectCyber, Inc. that is used to control physical access to facilities. A security vulnerability exists in DirectCyber Evolution Controller version 2.04.560.31.03.2024 and prior versions, which stems from an...
DirectCyber Evolution Controller security vulnerability
DirectCyber Evolution Controller is access control controller software from DirectCyber, Inc. that is used to control physical access to facilities. A security vulnerability exists in DirectCyber Evolution Controller version 2.04.560.31.03.2024 and prior versions, which stems from an...
DirectCyber Evolution Controller security vulnerability
DirectCyber Evolution Controller is access control controller software from DirectCyber, Inc. that is used to control physical access to facilities. A security vulnerability exists in DirectCyber Evolution Controller version 2.04.560.31.03.2024 and prior versions, which stems from a failure...
DirectCyber Evolution Controller security vulnerability
DirectCyber Evolution Controller is access control controller software from DirectCyber, Inc. that is used to control physical access to facilities. A security vulnerability exists in DirectCyber Evolution Controller version 2.04.560.31.03.2024 and prior versions, which stems from...
PT-2024-23074
Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below Description: The Web interface of Evolution Controller uses poor session management, allowing an unauthenticated attacker to access administrator functionality if any other user is...
PT-2024-23075
Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below Description: The Web interface of the Evolution Controller does not properly sanitize user input, allowing an unauthenticated attacker to crash the controller software. Recommendations...
evolution bug fix update
An update is available for evolution. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Evolution is a GNOME application that provides integrated email, calendar,...
A Bootiful Podcast: Netflix’s Paul Bakker and Kavitha Srinivasan on scaling Spring Boot and Spring GraphQL
Hi, Spring fans! In this installment, I'm thrilled to be joined by Netflix's Paul Bakker and Kavitha Srinivasan, who explain how they're integrating and evolving Spring for GraphQL in their own GraphQL stack and how they're managing, growing, and evolving thousands of services written in Spring B...
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice
A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment...
AI and the Evolution of Social Media
Oh, how the mighty have fallen. A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. Now front pages are splashed with stories of social platforms’ role in misinformation, business conspiracy, malfeasance, and risks to mental health. In a 2022...
PT-2024-20390 · Franklin Fueling Systems · Franklin Fueling Systems Ts-550 Evo +1
Name of the Vulnerable Software and Affected Versions: Franklin Fueling System EVO 550 (affected versions not specified), Franklin Fueling System EVO 5000 (affected versions not specified) Description: The issue is related to a Path Traversal vulnerability that could allow an attacker to access...
CentOS 9 : nss-3.79.0-14.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the nss-3.79.0-14.el9 build changelog. - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...
A week in security (February 12 – February 18)
Last week on Malwarebytes Labs: GoldPickaxe Trojan steals your face!; Microsoft Exchange vulnerability actively exploited; Massive utility scam campaign spreads via online ads; Facebook Marketplace users’ stolen data offered for sale; How ransomware changed in 2023; Malwarebytes crushes malware all th...