Input validation
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040...
CVE-2021-38957
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040...
CVE-2021-38957
CVE-2021-38957 affects IBM Security Verify Access (ISVA) 10.0.0.0/10.0.1.0/10.0.2.0. Root cause: hazardous input validation during QR code generation that could disclose sensitive information. Impact: information disclosure. Remediation: upgrade ISVA appliances to 10.0.3-ISS-ISVA-FP0000 (and late...
North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry
A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. "This activity cluster demonstrates the patient and persistent nature o...
Universal XSS
Firefox for Android is vulnerable to universal XSS. It is caused by improper sanitization when processing a URL scanned from a QR code...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2021-99622)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox has a cross-site scripting vulnerability that stems from the fact that the product does not effectively filter the special characters in the URL in the QR code, which can be exploited by attackers to execut...
CVE-2021-43530
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 94...
Design/Logic Flaw
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 94...
300,000 Android users impacted by malware apps on Play Store
By Waqas. In total, 4 different banking trojan malware disguised as cryptocurrency apps, QR code readers, PDF scanners, fitness monitors, etc. were identified on the Play Store. This is a post from HackRead.com.
Wire Fraud Scam Upgraded with Bitcoin
The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam: As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a...
UPDATE: EU’s Green Pass Vaccination ID Private Key Leaked or Forge
As of Thursday morning Eastern time, Adolf Hitler and Mickey Mouse could still validate their digital Covid passes, SpongeBob Squarepants was out of luck, and the European Union was investigating a leak of the private key used to sign the EU’s Green Pass vaccine passports. Two days earlier, on...
Free BrewDog beer with a side order of shareholder PII?
TL;DR: BrewDog exposed the details of over 200,000 ‘Equity for Punks’ shareholders for over 18 months, plus many more customers. Every mobile app user was given the same hard coded API Bearer Token, rendering request authorisation useless. It was therefore trivial for any user to access any other...
CVE-2021-37786
Certain Federal Office of Information Technology Systems and Telecommunication (FOITT) products are affected by improper handling of exceptional conditions. This affects COVID Certificate App iOS 2.2.0 and below affected, patch in progress and COVID Certificate Check App iOS 2.2.0 and below affecte...
Code injection
Certain Federal Office of Information Technology Systems and Telecommunication (FOITT) products are affected by improper handling of exceptional conditions. This affects COVID Certificate App iOS 2.2.0 and below affected, patch in progress and COVID Certificate Check App iOS 2.2.0 and below affecte...
Commons Conservancy eduVPN Input Validation Error Vulnerability
Commons Conservancy eduVPN is a project of the Commons Conservancy Foundation for secure Internet access for R&E. Commons Conservancy eduVPN suffers from an input validation error vulnerability that stems from vpn-user-portal on Debian 10, Debian 11, and Fedora prior to version 2.3.14. Due to a QR...
COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection
Exploit Title: Covid-19 Contact Tracing System Web App with QR Code Scanning CTS-QR by: oretnom23 v1.0 remote SQL-Injection-Bypass-Authentication in /ctsqr/classes/Login.php + XSS-Stored PWNED PHPSESSID Vulnerable parameter "code" in application State/Province List. Author: nu11secur1ty Testing a...