SUSE CVE-2010-1386

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357...

SUSE CVE-2010-1772

Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted web site, related to failure to stop timers associate...

SUSE CVE-2010-3823

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving Geolocation objects. NOTE: this...

SUSE CVE-2013-0835

Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service application crash via unknown vectors...

SUSE CVE-2016-2829

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission...

SUSE CVE-2019-15740

An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads...

SUSE CVE-2021-23963

When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox 85...

SUSE CVE-2021-38508

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

SUSE CVE-2021-41180

Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only...

PT-2022-25528 · Unknown · Yellow Tree Geolocation Ip Detection Plugin

Name of the Vulnerable Software and Affected Versions: Yellow Tree Geolocation IP Detection Plugin affected versions not specified Description: A vulnerability was found in the Yellow Tree Geolocation IP Detection Plugin, classified as problematic. It affects an unknown function of the component...

XSS Stored inside help links onevent attribute

📜 Description Cross-site scripting XSS is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...

Bayanay - Python Wardriving Tool

WarDriving is the act of navigating, on foot or by car, to discover wireless networks in the surrounding area. Features Wardriving is done by combining the SSID information obtained with scapy using the HTML5 geolocation feature. Usage I cannot be held responsible for the malicious use of the...

FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones

The U.S. Federal Trade Commission FTC on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "wealth of information" about users b...

Journalists Emerge as Favored Attack Target for APTs

Targeted phishing attacks are traced to multiple threat actors who have each independently focused on stealing credentials and sensitive data and tracking the geolocation of journalists. In a Thursday report by Proofpoint, researchers outline individual efforts by advance persistent threat APT...

Report Claims Coinbase Selling User Geolocation Data to ICE

By Deeba Ahmed Tech Inquiry’s Jack Paulson has shared startling details about a 3-year contract between the US Department of Homeland… This is a post from HackRead.com Read the original post: Report Claims Coinbase Selling User Geolocation Data to ICE...

Malicious code in wafer-geolocation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44a010d1ba66dd9c87c6908a30c3f6e8f2cbb3779024f0c5d58c2c0e79b10d21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-7024 Malicious code in wafer-geolocation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44a010d1ba66dd9c87c6908a30c3f6e8f2cbb3779024f0c5d58c2c0e79b10d21 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-1661 Keysight N6854A Geolocation server and N6841A RF Sensor software

The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files...

CVE-2022-1660 Keysight N6854A Geolocation server and N6841A RF Sensor software

The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code...

多款Keysight Technologies产品路径遍历漏洞

Keysight Technologies N6854A Geolocation server and Keysight Technologies N6841A RF Sensor are both products of Keysight Technologies, Inc.Keysight Technologies Keysight Technologies N6854A Geolocation server is a geolocation server.Keysight Technologies N6841A RF Sensor is an RF sensor. It is us...