163 matches found
MGASA-2024-0374 Updated zbar packages fix security vulnerabilities
A heap-based buffer overflow exists in the qrreadermatchcenters function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...
Latest Multi-Stage Attack Scenarios with Real-World Examples
Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let's examine real-world examples of some of...
openSUSE Security Advisory (SUSE-SU-2024:4050-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-6247
Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2024-6247
CVE-2024-6247 involves Wyze Cam v3 where the OS command injection occurs through handling of SSIDs embedded in scanned QR codes. The root cause is improper validation of a user-supplied string used in a system call, enabling a local attacker with physical access to execute code as root on affecte...
CVE-2024-6247 Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability
Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw...
USN-7118-1 zbar vulnerabilities
It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. CVE-2023-40889 It was discovered that ZBar did not properly handl...
Malicious QR Codes: How big of a problem is it, really?
QR codes are disproportionately effective at bypassing most anti-spam filters, as most filters are not designed to recognize that a QR code is present in an image and decode the QR code. According to Cisco Talos' data, roughly 60% of all email containing a QR code is spam. Talos discovered two...
A week in security (November 11 – November 17)
Last week on Malwarebytes Labs: Malicious QR codes sent in the mail deliver malware 122 million people’s business contact info leaked by data broker Advertisers are pushing ad and pop-up blockers using old tricks Scammer robs homebuyers of life savings in $20 million theft spree Temu must respect...
Malicious QR codes sent in the mail deliver malware
Physical letters that contain a QR code to trick people into downloading malware are being sent through the mail, according to a warning issued by The Swiss National Cyber Security Centre NCSC. The letters are sent as if they come from the official Swiss Federal Office of Meteorology and...
CVE-2024-51572
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS.This issue affects LH QR Codes: from n/a through = 1.06...
CVE-2024-51572 WordPress LH QR Codes plugin <= 1.06 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS.This issue affects LH QR Codes: from n/a through = 1.06...
CVE-2024-51572 WordPress LH QR Codes plugin <= 1.06 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS.This issue affects LH QR Codes: from n/a through = 1.06...
CVE-2024-51572
CVE-2024-51572 is a stored XSS in WordPress plugin LH QR Codes (versions
WordPress plugin LH QR Codes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-34715 · Peter Shaw · Lh Qr Codes
Name of the Vulnerable Software and Affected Versions: LH QR Codes versions n/a through 1.06 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in Peter Shaw LH QR Codes...
WordPress LH QR Codes plugin <= 1.06 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin LH QR Codes versions = 1.06...
WordPress LH QR Codes Plugin <= 1.06 is vulnerable to Cross Site Scripting (XSS)
Software LH QR Codes Type Plugin Vulnerable versions = 1.06 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51572 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8fc226cfb24a Credits SOPROBRO Required privilege Contributor...
Enhancing Study with QR Codes: A Modern Educational Tool
QR codes are enhancing education by giving students instant access to study resources, interactive homework, and collaborative tools.…...
GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign,...