Cisco Secure Firewall Threat Defense Software Geolocation Remote Access VPN Bypass Vulnerability

A vulnerability in the Geolocation-Based Remote Access RA VPN feature of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass configured policies to allow or deny HTTP connections based on a country or region. This vulnerability exists becaus...

PT-2025-33336 · Cisco · Cisco Secure Firewall Threat Defense (Ftd)

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Threat Defense FTD Software affected versions not specified Description: A flaw exists in the Geolocation-Based Remote Access RA VPN feature that may allow a remote, unauthenticated attacker to circumvent configured HTTP...

Linux Distros Unpatched Vulnerability : CVE-2021-23963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over...

📄 Invision Community 4.7.20 SQL Injection

Invision Community versions 4.7.20 and below have a vulnerability located within the /applications/calendar/modules/front/calendar/view.php script. Specifically, in the IPS\calendar\modules\front\calendar\view::search method: user input passed through the location request parameter is not properl...

Why You Should Use Geolocation in Your React App’s Authentication Process

Improve security in your React app with geolocation-based authentication, adding a strong layer beyond passwords to prevent unauthorised access...

Data-Plane Telemetry to Mitigate Long-Distance BGP Hijacks

Poor security of Internet routing enables adversaries to divert user data through unintended infrastructures hijack. Of particular concern -- and the focus of this paper -- are cases where attackers reroute domestic traffic through foreign countries, exposing it to surveillance, bypassing legal...

Exploit for CVE-2024-25600

Bricks Builder RCE Exploit CVE-2024-25600 This project cont...

Buy It Now, Track Me Later: Attacking User Privacy Via Wi-Fi AP Online Auctions

Static and hard-coded layer-two network identifiers are well known to present security vulnerabilities and endanger user privacy. In this work, we introduce a new privacy attack against Wi-Fi access points listed on secondhand marketplaces. Specifically, we demonstrate the ability to remotely...

Doxing Via the Lens: Revealing Location-Related Privacy Leakage on Multi-Modal Large Reasoning Models

Recent advances in multi-modal large reasoning models MLRMs have shown significant ability to interpret complex visual content. While these models enable impressive reasoning capabilities, they also introduce novel and underexplored privacy risks. In this paper, we identify a novel category of...

CVE-2024-20431

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this...

CVE-2023-29850

SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...

CVE-2023-20267

A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability b...

CVE-2021-23963

When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox 85...

CVE-2020-29069

getflagiplocaldb in server/mhn/ui/utils.py in Modern Honey Network MHN through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation database, because the code tries to uppercase a return value even if that value is not a string...

CVE-2020-1394

An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1395...

CVE-2015-7338

SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocationlongitude request to index.php...

Google to pay $1.38 billion over privacy violations

The state of Texas reached a mammoth financial agreement with Google last week, securing $1.375 billion in payments to settle two three year-old lawsuits. The Office of Texas Attorney General Ken Paxton originally filed the first lawsuit against Google in January 2022, complaining that the tech...

“Your privacy is a promise we don’t break”: Dating app Raw exposes sensitive user data

Any app that hands over user data is a concern, but leaky dating apps are especially worrying given the sensitivity of the data involved. A relatively new app called Raw that aims to rewrite the rules of dating is the latest to trip over its coattails by exposing user data to…well, anyone who ask...

Cisco Firepower Threat Defense Software Snort 3 Geolocation IP Filter Bypass (cisco-sa-ftdsnort3sip-bypass-LMz2ThKn)

According to its self-reported version, Cisco Firepower Threat Defense FTD Software is affected by a vulnerability. - A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists...

Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05061)

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...