
665 matches found

Patchstack
added 2023/07/24 12:00 a.m., 7 views

WordPress QR code MeCard/vCard generator Plugin <= 1.6.0 is vulnerable to Broken Access Control

Software: QR code MeCard/vCard generator; Type: Plugin; Vulnerable versions: <= 1.6.0; Fixed in: 1.6.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-38477; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 9f9bd59f2364; Credits: Abdi Pranata...

6.5 AI score, 0.00148 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/07/18 12:00 a.m., 9 views

WordPress Qyrr – simply and modern QR-Code creation Plugin < 1.5 is vulnerable to Cross Site Scripting (XSS)

Software: Qyrr – simply and modern QR-Code creation; Type: Plugin; Vulnerable versions: < 1.5; Fixed in: 1.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Patrick Posner; PSID: b4effa18b733; Credits: Rafie Muhamma...

6.2 AI score
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2023/07/12 5:29 p.m., 20 views

GHSA-HQV9-6JQW-9G8M Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page

Summary: Unauthenticated HTML Injection / XSS Possible. Conditions: 2factor authentication must not be set before; Vulnerable Endpoint: /admin/login/2fa-setup; Vulnerable Param: error=; How it works: So basically any admin, who has not set up 2 factor authentication before is vulnerable for this attack,...

6.1 CVSS, 6.1 AI score, 0.00018 EPSS
Exploits: 0, References: 6

Github Security Blog
added 2023/07/12 5:29 p.m., 33 views

Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page

Summary: Unauthenticated HTML Injection / XSS Possible. Conditions: 2factor authentication must not be set before; Vulnerable Endpoint: /admin/login/2fa-setup; Vulnerable Param: error=; How it works: So basically any admin, who has not set up 2 factor authentication before is vulnerable for this attack,...

6.1 CVSS, 7.4 AI score, 0.00018 EPSS
Exploits: 0, References: 6, Affected Software: 1

CNNVD
added 2023/07/01 12:00 a.m., 4 views

Brave Browser Android input validation error vulnerability

Brave is a fast, private and secure web browser from Brave USA. A security vulnerability previously existed in Brave Browser Android version 1.52.117, which originated from an open redirection vulnerability that could be triggered when scanning a QR code...

6.1 CVSS, 6.2 AI score, 0.00153 EPSS
Exploits: 1, References: 2

Huntr
added 2023/06/03 10:45 p.m., 11 views

HTML Injection / Possible XSS

Description: In pimcore I was able to identify an Unauthenticated HTML Injection / XSS Possible. Conditions: 2 factor authentication must not be set before; Vulnerable Endpoint: http://localhost/admin/login/2fa-setup; Vulnerable Param: error=; How it works: So basically any admin, who has not set up 2...

7.5 AI score
Exploits: 0, References: 1

Patchstack
added 2023/05/30 12:00 a.m., 13 views

WordPress Dynamic QR Code Generator Plugin <= 0.0.5 is vulnerable to Cross Site Scripting (XSS)

Software: Dynamic QR Code Generator; Type: Plugin; Vulnerable versions: <= 0.0.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-34022; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 663371fa0bd1; Credits: thiennv...

7.1 CVSS, 6.1 AI score, 0.00088 EPSS
Exploits: 1, References: 1, Affected Software: 1

0day.today
added 2023/04/20 12:00 a.m., 302 views

GDidees CMS 3.9.1 - Local File Disclosure Vulnerability

Exploit Title: GDidees CMS 3.9.1 - Local File Disclosure; Exploit Author: Hadi Mene; Vendor Homepage: https://www.gdidees.eu/; Software Link: https://www.gdidees.eu/cms-1-0.html; Version: 3.9.1 and earlier; Tested on: Debian 11; CVE: CVE-2023-27179. Summary: GDidees CMS v3.9.1 and lower versions w...

7.5 CVSS, 7.6 AI score, 0.86899 EPSS
Exploits: 4

0day.today
added 2023/04/18 12:00 a.m., 243 views

GDidees CMS 3.9.1 Local File Disclosure / Directory Traversal Vulnerabilities

Exploit Title: GDidees CMS - 'imgdownload.php' Local File Disclosure; Date: 03/27/2023; Exploit Author: Hadi Mene; Vendor Homepage: https://www.gdidees.eu/; Software Link: https://www.gdidees.eu/cms-1-0.html; Version: 3.9.1 and earlier; Tested on: Debian 11; CVE: CVE-2023-27179. Summary: GDidees C...

7.5 CVSS, 7.5 AI score, 0.86899 EPSS
Exploits: 4

Patchstack
added 2023/04/18 12:00 a.m., 11 views

WordPress Kaya QR Code Generator Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Software: Kaya QR Code Generator; Type: Plugin; Vulnerable versions: <= 1.5.2; Fixed in: 1.5.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-30784; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: e6805ca51cf5; Credits: Mika Required...

6.5 CVSS, 6.2 AI score, 0.00097 EPSS
Exploits: 0, References: 2, Affected Software: 1

Packet Storm
added 2023/04/17 12:00 a.m., 493 views

GDidees CMS 3.9.1 Local File Disclosure / Directory Traversal

Exploit Title: GDidees CMS - 'imgdownload.php' Local File Disclosure; Date: 03/27/2023; Exploit Author: Hadi Mene; Vendor Homepage: https://www.gdidees.eu/; Software Link: https://www.gdidees.eu/cms-1-0.html; Version: 3.9.1 and earlier; Tested on: Debian 11; CVE: CVE-2023-27179. Summary: GDidees C...

7.6 AI score, 0.86899 EPSS
Exploits: 4

Hacker One
added 2023/04/14 2:48 a.m., 58 views

Brave Software: Open redirect due to scanning QR code via brave browser

An open redirect vulnerability was discovered in Brave's QR code scanner, which allowed attackers to direct users to malicious sites without their consent or knowledge. This vulnerability put the security of Brave users at risk and allowed them to be exposed to phishing and malware attacks. The...

6.1 CVSS, 6.2 AI score, 0.00153 EPSS
Exploits: 1

Securelist
added 2023/04/10 8:00 a.m., 23 views

Overview of Google Play threats sold on the dark web

In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers, targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to...

7.2 AI score
Exploits: 0

Hacker One
added 2023/02/22 9:53 p.m., 55 views

Brave Software: UXss on brave browser via scan QR Code

A UXSS vulnerability was found in Brave browser on Android 13, allowing an attacker to execute XSS on all open domains by scanning a QR code containing a malicious URL. The vulnerability could potentially allow attackers to steal victim's cookies and affect various websites...

4.3 CVSS, 5 AI score, 0.01055 EPSS
Exploits: 0

Malwarebytes
added 2023/02/21 4:00 a.m., 20 views

How to set up two-factor authentication on Twitter using an app

If you use text-based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post will explain how to enable app-based authentication. We found it easier to do on our...

0.2 AI score
Exploits: 0

HackRead
added 2023/02/19 2:27 a.m., 19 views

QR code generator My QR Code leaks users’ login data and addresses

By Waqas. My QR Code was informed about the leak almost two weeks ago, yet it failed to respond or secure its server. This is a post from HackRead.com. Read the original post: QR code generator My QR Code leaks users login data and addresses...

2.2 AI score
Exploits: 0

NVD
added 2023/02/16 10:15 p.m., 17 views

CVE-2019-17003

Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed...

6.1 CVSS, 6.3 AI score, 0.00089 EPSS
Exploits: 1, References: 1

Prion
added 2023/02/16 10:15 p.m., 18 views

Code injection

Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed...

5.8 CVSS, 6.2 AI score, 0.00089 EPSS
Exploits: 1, References: 1, Affected Software: 1

UbuntuCve
added 2023/02/16 10:15 p.m., 21 views

CVE-2019-17003

Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed...

6.1 CVSS, 6.4 AI score, 0.00089 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2023/02/16 12:00 a.m., 9 views

CVE-2019-17003

Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed...

7 AI score, 0.00089 EPSS
Exploits: 1, References: 1