CVE-2024-3797 SourceCodester QR Code Bookmark System sql injection
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bookmark.php?bookmark=1. The manipulation of the argument bookmark leads to sql injection. The attack can be initiated...
CVE-2024-3797
CVE-2024-3797 affects SourceCodester QR Code Bookmark System 1.0. The issue is an SQL injection in /endpoint/delete-bookmark.php?bookmark=1 that a remote attacker can trigger via the bookmark argument. The exploit has been publicly disclosed. Affected component is the delete-book...
CVE-2024-2946
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization...
CVE-2024-2946
CVE-2024-2946 concerns ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules (formerly WooLentor). Red Hat confirms a Stored Cross-Site Scripting vulnerability in the QR Code Widget affecting all versions up to 2.8.4 due to insufficient input sanitization and output escaping on u...
PT-2024-22911 · WordPress · Shoplentor
Name of the Vulnerable Software and Affected Versions: The ShopLentor plugin for WordPress versions up to, and including, 2.8.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's QR Code Widget due to insufficient input sanitization and output escaping on...
WordPress ShopLentor plugin <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget vulnerability
Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget vulnerability discovered by Phuoc Pham p3tl0v3r in WordPress Plugin ShopLentor versions <= 2.8.4...
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) < 2.8.5 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget
Description: The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input...
How Cybercriminals are Exploiting India's UPI for Money Laundering Operations
Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha,...
CVE-2024-26281
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...
Code injection
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...
CVE-2024-26281
CVE-2024-26281 concerns Firefox for iOS. Scanning a JavaScript URI with the QR code scanner could allow an attacker to execute unauthorized scripts in the current top origin, a cross-site scripting issue. Affected product: Firefox for iOS before version 123. Root cause: ...
The vulnerability of the lookup_sequence function in the ZBar barcode reading library allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the lookup_sequence function in the ZBar barcode reading library is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause service failures using a...
Security Vulnerabilities fixed in Firefox for iOS 123 — Mozilla
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. Upon scanning a JavaScri...
QR Phishing. Fact or Fiction?
October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI-powered email gateways can potentially block these attacks. What’s the attack? To understand the attack you need to understand the challenge that the attacke...
How are attackers using QR codes in phishing emails and lure documents?
Though QR codes were once on the verge of extinction, many consumers are used to seeing them in the wild for ordering at restaurants, or as mainstays on storefront doors informing customers how they can sign up for a newsletter or score a sweet deal. The use of QR codes saw a resurgence during th...
QR Code Scam: Fake Voicemails Target Users, 1000 Attacks in 14 Days
By Deeba Ahmed. Fake Voicemail Phishing on the Rise: Check Point Reveals How Hackers are Exploiting Corporate Phone Systems. This is a post from HackRead.com.
OESA-2024-1158 zbar security update
ZBar is an open source software suite for reading bar codes from various sources, such as video streams, image files and raw intensity sensors. It supports many popular symbologies (types of bar codes) including EAN-13/UPC-A, UPC-E, EAN-8, Code 128, Code 39, Interleaved 2 of 5 and QR Code. Security...