
665 matches found

ATTACKERKB
added 2021/08/31 12:0 a.m. | 244 views

Covid-19 Contact Tracing System Web App with QR Code Scanning - SQL-Injection-Bypass-Authentication

The Covid-19 Contact Tracing System Web App with QR Code Scanning is vulnerable in the application /ctsqr/classes/Login.php from SQL-Injection-Bypass-Authentication m0re info: . The parameter username from the login form is not protected correctly and there is no security and escaping from...

0.4 AI score
Exploits: 0 | References: 1

0day.today
added 2021/08/31 12:0 a.m. | 236 views

COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection Exploit

COVID-19 Contact Tracing System web app with QR Code Scanning version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Covid-19 Contact Tracing System Web App with QR Code Scanning CTS-QR by: oretnom23 v1.0 remote...

0.4 AI score
Exploits: 0

ThreatPost
added 2021/08/12 1:59 p.m. | 46 views

QR Code Scammers Get Creative with Bitcoin ATMs

With the use of QR codes rising, so, too, are the numbers of scams that aim to take advantage of them. Researchers warned that threat actors are going so far as to send potential victims to gas stations to use Bitcoin ATMs in their endeavors to exploit the technology. The Better Business Bureau B...

7.2 AI score
Exploits: 0 | References: 8

NVD
added 2021/06/04 12:15 a.m. | 11 views

CVE-2021-33839

Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting...

7.5 CVSS | 0.01144 EPSS
Exploits: 1 | References: 4

Prion
added 2021/06/04 12:15 a.m. | 11 views

Code injection

Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting...

5 CVSS | 7.3 AI score | 0.01144 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2021/06/03 11:58 p.m. | 76 views

CVE-2021-33839

CVE-2021-33839 affects Luca for Android up to version 1.7.4. The root cause is the QR code handling that can confuse a Public Location QR with a Private Meeting QR, enabling remote attackers to obtain sensitive COVID-19 tracking information. Impact: confidentiality at HIGH (C in CVSS3.1), exploit...

7.5 CVSS | 7.3 AI score | 0.01144 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2021/06/03 11:58 p.m. | 13 views

CVE-2021-33839

Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting...

7.5 AI score | 0.01144 EPSS
Exploits: 1 | References: 4

Prion
added 2021/05/06 9:15 p.m. | 14 views

Code injection

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application through 4.9.2 on Android and through 4.9.1 on iOS allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring th...

2.1 CVSS | 4.8 AI score | 0.00054 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2021/05/06 8:31 p.m. | 14 views

CVE-2021-27941

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application through 4.9.2 on Android and through 4.9.1 on iOS allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring th...

5 AI score | 0.00054 EPSS
Exploits: 0 | References: 3

CVE
added 2021/05/06 8:31 p.m. | 43 views

CVE-2021-27941

The CVE-2021-27941 entry pertains to the eWeLink mobile application (QR code pairing mode) where unconstrained web access to the device’s private encryption key could let a physically proximate attacker monitor a device pairing process and eavesdrop on Wi‑Fi credentials and other sensitive inform...

4.6 CVSS | 4.6 AI score | 0.00054 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

ThreatPost
added 2021/04/29 1:58 p.m. | 214 views

Anti-Vaxxer Hijacks QR Codes at COVID-19 Check-In Sites

Quick-response (QR) codes used by a COVID-19 contact-tracing program were hijacked by a man who simply slapped up scam QR codes on top to redirect users to an anti-vaccination website, according to local police. He now faces two counts of “obstructing operations carried out relative to COVID-19 und...

7.1 AI score
Exploits: 0 | References: 15

NVD
added 2021/04/26 5:15 p.m. | 13 views

CVE-2021-21208

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code...

6.5 CVSS | 0.00427 EPSS
Exploits: 0 | References: 7

OSV
added 2021/04/26 5:15 p.m. | 0 views

UBUNTU-CVE-2021-21208

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code...

6.5 CVSS | 6.8 AI score | 0.00427 EPSS
Exploits: 0 | References: 2

Cvelist
added 2021/04/26 4:25 p.m. | 16 views

CVE-2021-21208

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code...

7.2 AI score | 0.00427 EPSS
Exploits: 0 | References: 7

Debian CVE
added 2021/04/26 4:25 p.m. | 40 views

CVE-2021-21208

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code...

6.5 CVSS | 7.5 AI score | 0.00427 EPSS
Exploits: 0

Github Security Blog
added 2021/04/08 4:46 p.m. | 67 views

CSRF Vuln can expose user's QRcode

Impact: When a user is setting up two-factor authentication using an authenticator app, a QRcode is generated and made available via a GET request to /tf-qrcode. Since GETs do not have any CSRF protection, it is possible a malicious 3rd party could access the QRcode and therefore gain access to...

2.2 AI score
Exploits: 0 | References: 3 | Affected Software: 1

Hacker One
added 2021/03/23 10:54 p.m. | 10 views

TikTok: TikTok Session Donation CSRF via QR code login

A CSRF (Cross Site Request Forgery) vulnerability was reported in TikTok's QR code login which could have potentially caused a user to log into an attacker-controlled account. We thank @lauritz for reporting this to our team and confirming the resolution...

2 AI score
Exploits: 0

OSV
added 2021/03/09 6:15 p.m. | 7 views

CVE-2021-21186

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code...

4.3 CVSS | 8 AI score
Exploits: 0 | References: 7

NVD
added 2021/03/09 6:15 p.m. | 13 views

CVE-2021-21186

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code...

4.3 CVSS | 0.00376 EPSS
Exploits: 0 | References: 7

OSV
added 2021/03/09 6:15 p.m. | 1 views

DEBIAN-CVE-2021-21186

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code...

4.3 CVSS | 6.5 AI score | 0.00376 EPSS
Exploits: 0 | References: 1