
685 matches found

CNNVD
added 2022/05/27 12:0 a.m., 4 views

Path Traversal Vulnerability in Multiple Keysight Technologies Products

Keysight Technologies N6854A Geolocation server and Keysight Technologies N6841A RF Sensor are both products of Keysight Technologies, Inc. Keysight Technologies N6854A Geolocation server is a geolocation server. Keysight Technologies N6841A RF Sensor is an RF sensor. It is us...

CVSS 7.5, AI score 7.6, EPSS 0.00281
Exploits 0, References 4

CNNVD
added 2022/05/27 12:0 a.m., 2 views

Code Issue Vulnerability in Multiple Keysight Technologies Products

Keysight Technologies N6854A Geolocation server and Keysight Technologies N6841A RF Sensor are both products of Keysight Technologies, Inc. Keysight Technologies N6854A Geolocation server is a geolocation server. Keysight Technologies N6841A RF Sensor is an RF sensor. It is us...

CVSS 10, AI score 8.9, EPSS 0.01035
Exploits 0, References 4

ICS
added 2022/05/26 12:0 a.m., 50 views

Keysight N6854A Geolocation server and N6841A RF Sensor software

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Keysight Technologies, Inc. Equipment: N6854A Geolocation server and N6841A RF Sensor software Vulnerabilities: Relative Path Traversal, Deserialization of Untrusted Data 2. RISK EVALUATION Successful...

CVSS 10, AI score 9.7, EPSS 0.01035
Exploits 0, References 5

Huntr
added 2022/05/22 8:12 p.m., 24 views

Metadata Is Not Stripped From Images

While uploading an image on https://demo-publify.herokuapp.com/admin/resources as a low privileged user the meta data of the image like geolocation, device information, version, name etc is not getting stripped, as a result the attacker can collect all the meta data information of the image by...

CVSS 4, EPSS 0.00099
Exploits 1, References 1

Huntr
added 2022/04/26 6:55 p.m., 14 views

Insecure Storage of Sensitive Information

Description When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of Scoold users like their Geolocation, their Device information like Device Name, Version, Software & Software version used,...

AI score 0.2, EPSS 0.00203
Exploits 1, References 5

Malwarebytes
added 2022/03/31 7:0 p.m., 46 views

Tech support scam campaign targets Japanese visitors to PornHub

The Malwarebytes Threat Intelligence team has identified a malvertising campaign targeting Japanese users. The campaign they discovered was found to be using a cloaking technique to lure visitors of popular adult site PornHub to a decoy site at the domain mixhd.club. Cloaking Cloaking is a method...

AI score 0.6
Exploits 0

Huntr
added 2022/03/31 2:45 a.m., 154 views

EXIF Geolocation Data Not Stripped From Uploaded Images (vulnerability)

Vulnerability name: EXIF Geolocation Data Not Stripped From Uploaded Images vulnerability Description:- When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of microweber users like their...

AI score 0.3
Exploits 0, References 4

Huntr
added 2022/03/19 4:18 p.m., 36 views

Sensitive Data Exposure Due To Insecure Storage Of Profile Image

Description When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of trudesk users like their Geolocation, their Device information like Device Name, Version, Software & Software version used,...

CVSS 4.3, AI score 0.3, EPSS 0.00317
Exploits 2, References 6

Snyk
added 2022/03/18 8:47 a.m., 1 views

Undesired Behavior

Overview: event-source-polyfill is a polyfill for http://www.w3.org/TR/eventsource/. Affected versions of this package are vulnerable to Undesired Behavior. This package geo-locates users based on their IP address and if the user is Russia-based prints a political protest message in the browser ...

CVSS 5.3, AI score 6.7
Exploits 0, References 2

CVE
added 2022/03/16 3:45 p.m., 102 views

CVE-2022-23812

The CVE-2022-23812 vulnerability affects the node-ipc package (versions 10.1.1 and 10.1.2). Embedded malicious code is triggered based on geolocation (Russia/Belarus) and overwrites user files with a heart emoji; the maintainer removed this code in version 10.1.3. Starting with 11.0.0, node-ipc i...

CVSS 10, AI score 9.4, EPSS 0.06447
Exploits 1, References 6, Affected Software 1

Kitploit
added 2022/03/09 11:30 a.m., 1891 views

Geowifi - Search WiFi Geolocation Data By BSSID And SSID On Different Public Databases

Search WiFi geolocation data by BSSID and SSID on different public databases. Databases: Wigle, Apple, OpenWifi, Milnikov. Prerequisites: Python3. In order to display emojis on Windows, it is recommended to install the new Windows terminal. ⚠️ In order to use the Wigle service it is necessary to obtai...

AI score 7.3
Exploits 0, References 3

OSV
added 2022/03/08 6:15 p.m., 19 views

CVE-2021-41180

Nextcloud talk is a self hosting messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only...

CVSS 6.1, AI score 6.6
Exploits 0, References 3

Prion
added 2022/03/08 6:15 p.m., 17 views

Open redirect

Nextcloud talk is a self hosting messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only...

CVSS 4, AI score 6, EPSS 0.00187
Exploits 1, References 3, Affected Software 1

Cvelist
added 2022/03/08 5:45 p.m., 17 views

CVE-2021-41180 Geolocation preview links can be set to arbitrary links in nextcloud talk

Nextcloud talk is a self hosting messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only...

CVSS 4.7, AI score 6.3, EPSS 0.00187
Exploits 1, References 3

Nextcloud
added 2022/03/08 4:11 p.m., 35 views

Geolocation preview links can be set to arbitrary links

None...

CVSS 6.1, AI score 6.1, EPSS 0.00187
Exploits 1, References 2, Affected Software 1

Huntr
added 2022/02/27 10:28 a.m., 50 views

Insecure Storage of Sensitive Information

Vulnerability name: EXIF Geolocation Data Not Stripped From Uploaded Images vulnerability Description:- When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of microweber users like their...

CVSS 4, AI score 0.4, EPSS 0.00518
Exploits 1, References 3

CNVD
added 2022/02/25 12:0 a.m., 18 views

Microweber Information Disclosure Vulnerability (CNVD-2022-71439)

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An information disclosure vulnerability exists in versions of Microweber prior to 1.3, which stems from the fact that when...

CVSS 9.1, AI score 2.5, EPSS 0.00455
Exploits 1, References 1

BDU FSTEC
added 2022/02/25 12:0 a.m., 1 views

The vulnerability of the Windows Geolocation Service on Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Geolocation Service in Windows operating systems is related to incorrect code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8, AI score 7.8, EPSS 0.04312
Exploits 0, References 4

Kitploit
added 2022/02/23 8:30 p.m., 34 views

Scylla - The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc

Notice For Deprecation This project is no longer being worked on by the developer. As of today, the program has many flaws and is not up to modern OSINT standards. A lot of APIs utilized within Scylla are no longer working as they did when the project was first released. The developer wrote Scyll...

AI score 7.3
Exploits 0, References 1

CNNVD
added 2022/02/23 12:0 a.m., 1 views

Microweber Security Vulnerability

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An information disclosure vulnerability exists in versions of Microweber prior to 1.3, which stems from the fact that when...

CVSS 9.1, AI score 5.7, EPSS 0.00455
Exploits 1, References 4