81 matches found
The vulnerability of the Swarm Mode mode of the dockerd daemon, a software tool for creating containerized systems like Moby and the Mirantis Container Runtime environment, allows an attacker to compromise the integrity and accessibility of protected information.
The vulnerability of the Swarm Mode mode of the dockerd daemon, a software tool for creating containerized systems like Moby and the Mirantis Container Runtime environment, is related to the use of an unprotected alternative channel. Exploiting this vulnerability allows an attacker to compromise...
PT-2023-2420 · Omron · Omron Cs Series
Name of the Vulnerable Software and Affected Versions: Omron CJ-series and CS-series PLCs, all versions Description: The issue is related to the lack of authentication for a critical function in Omron CS/CJ controllers. An attacker with network access to the affected PLC may use a network protoco...
CVE-2022-27912
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests...
Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information
Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security...
CVE-2022-31060 Banner topic data is exposed on login-required Discourse sites
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...
livehelperchat 安全漏洞
livehelperchat is a live support available for free on the website through Live Helper Chat. A security vulnerability exists in livehelperchat versions prior to 3.96 that stems from a loose comparison leading to IDOR on multiple endpoints. an attacker can bypass multiple checks to access other...
Database mess up – US marketing firm exposed data of 7 million users
By Deeba Ahmed The IT security researchers at Website Planet discovered what they dubbed as a large data breach, impacting a… This is a post from HackRead.com Read the original post: Database mess up - US marketing firm exposed data of 7 million users...
The vulnerability in the CoreText application programming interface of operating systems such as iOS, macOS, iPadOS, iPhoneOS, watchOS, and tvOS allows attackers to gain access to protected information.
The vulnerability of the CoreText application interface in iOS, macOS, iPadOS, iPhoneOS, watchOS, and tvOS systems relates to the ability to read data beyond the buffer in memory when processing a specially crafted font file. Exploiting this vulnerability can allow an attacker to gain access to...
Design/Logic Flaw
A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to obtain sensitive information by snooping on the network traffic. The exposed data includes critical values for a pump's internal configuration...
Defunct marketing firm exposed 32GB worth of records, customers data
By Waqas According to researchers, the exposed database contained around 50,000 files and had 32GB worth of data. This is a post from HackRead.com Read the original post: Defunct marketing firm exposed 32GB worth of records, customers data...
The vulnerability of the Adobe Animate software for creating multimedia and computer animations lies in its ability to read data beyond the boundaries of the memory buffer. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Adobe Animate program for creating multimedia and computer animations is related to reading beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information in the context of the current user, usin...
CVE-2020-36319
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController...
USN-4501-1 luajit vulnerability
It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service application crash or possibly expose sensitive information. CVE-2020-15890...
SQL Injection Vulnerability in Website Building System of Zhejiang Mufeng Website Technology Co.
Zhejiang Mufeng Website Technology Co., Ltd. is a website design company. Zhejiang Mufeng Website Technology Co., Ltd. website building system has SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information in the database...
Web exhibition PHP foreign trade enterprise website red style front SQL injection vulnerability
Netzhan Technology Beijing Century Netzhan Technology Co., Ltd. is an Internet service operator specializing in the field of exhibition shows. SQL injection vulnerability exists in the red style frontend of Nethub's PHP foreign trade enterprise website, which can be exploited by attackers to obta...
A Massive U.S. Property and Demographic Database Exposes 200 Million Records
More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. The exposed data — a mix of personal and demographic details — included the name,...
CVE-2019-6837
A Server-Side Request Forgery SSRF: CWE-918 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could cause server...
CVE-2019-6837
A Server-Side Request Forgery SSRF: CWE-918 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could cause server...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users...
SQL Injection Vulnerability in the de***.aspx Page of CrowdSoft Web Application System
CrowdSoft is an independent and innovative software enterprise providing informationization services for government and enterprises and institutions. A SQL injection vulnerability exists in the de.aspx page of the CrowdSmart Software Web application system, which can be exploited by attackers to...