A week in security (August 29 - September 4)

Last week on Malwarebytes Labs: Twilio data breach turns out to be more elaborate than suspected Playing Doom on a John Deere tractor with Sick Codes: Lock and Code S03E18 Chromium browsers can write to the system clipboard without your permission British Airways customers targeted in lost luggag...

Final Fantasy 14 players targeted by QR code phishing

Final Fantasy 14, the smash-hit online role playing game, is under fire from scammers. The attack is a devious way to try and compromise player accounts, making use of free item promises and bogus QR codes. As the game is a constantly changing service, its almost impossible to keep up with new...

Library Management System SQL注入漏洞

Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A security vulnerability exists in the v1.0 version of Library Management System due to an SQL injection issue in the id parameter of the...

CVE-2022-20321

In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android 13, which stems from a lack of permission checking in its "setting" to read the contents of a wifi QR code, which could result in local information being made public...

CVE-2022-20321

CVE-2022-20321 affects Android 13 where the Settings component fails a permission check, allowing an application without permissions to read the contents of WiFi QR codes. The underlying issue is a missing access control in the UI flow for reading WiFi network data, enabling local information dis...

Library Management System 跨站脚本漏洞

Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Individual Developer. A cross-site scripting vulnerability exists in Library Management System, which stems from unknown code in the file /qr/I/ being affected,...

[SECURITY] Fedora 36 Update: golang-github-skip2-qrcode-0-3.20220316gitda1b656.fc36

QR Code encoder Go...

CVE-2022-24992

A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal...

CVE-2022-24992

A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal...

CVE-2022-24992

A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal...

CVE-2022-24992

The CVE-2022-24992 entry concerns QR Code Generator version 5.2.7, specifically the process.php component, where improper handling enables directory traversal. The exploit surface is described across multiple sources (e.g., Red Hat, PT- Security, CNNVD) with no explicit mitigation or patched vers...

PT-2022-17036 · Unknown · Qr Code Generator

Name of the Vulnerable Software and Affected Versions: QR Code Generator version 5.2.7 Description: A vulnerability in the component process.php of QR Code Generator allows attackers to perform directory traversal. Recommendations: For QR Code Generator version 5.2.7, consider restricting access ...

DENSO WAVE QR Code Generator 路径遍历漏洞

DENSO WAVE QR Code Generator is a QR code generator from DENSO WAVE Japan. A security vulnerability exists in DENSO WAVE QR Code Generator version v5.2.7. An attacker can exploit the vulnerability to perform directory traversal...

CVE-2022-1127

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction...

CVE-2022-1127

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction...

DEBIAN-CVE-2022-1127

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction...

CVE-2022-1127

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction...

Design/Logic Flaw

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction...

UBUNTU-CVE-2022-1127

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction...