59 matches found
CVE-2023-49599
An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline...
PT-2024-13761 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb Description: An insufficient entropy vulnerability exists in the salt generation functionality. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather syst...
K25434422: NGINX Controller vulnerability CVE-2020-5899
Security Advisory Description Recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of...
How to set up two-factor authentication on Twitter using an app
If you use text-based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post will explain how to enable app-based authentication. We found it easier to do on our...
Crypto-scams you should be steering clear of in 2021
A fair few cryptocurrency scams have been doing the rounds across 2021. Most of them are similar, if not identical, to tactics used in previous years, with an occasional twist. Here are some of the most visible ones you should be steering clear of. Recovery code theft Many Bitcoin wallets make use of...
CVE-2020-5899
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address ...
Default credentials
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address ...
F5 NGINX Controller Authorization Issue Vulnerability (CNVD-2020-51553)
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. An authorization issue vulnerability exists in F5 NGINX Controller versions 3.0.0 through 3.4.0 in NGINX Controller...
h1-ctf: [h1-415 2020] H1-415 CTF Writeup by W--
H1-415 CTF Writeup Intro HackerOne kicked off this year's H1-415 CTF with the following tweet: F692033 Loading the target challenge website shows that the website is called My Docz Converter. A quick look at the challenge website shows that it allows users to register an account and then upload a...
Bumble: Bruteforce password recovery code
Summary It's possible to bruteforce recovery code from SMS as iOS application doesn't have limits for incorrect inputs. I have tried 50+ different combinations until I reached code from SMS. Steps To Reproduce 1. Click "Use another option" on application startup view 1. Enter your phone number 1...
Mail.ru: [agent.33slona.ru] Recovery code bruteforce
It was possible to bruteforce mobile recovery code...
ASP.NET Core Multiple Vulnerabilities - Windows
ASP.NET Core is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microsoft:asp.netcore";...
Microsoft ASP.NET Core Cross-Site Request Forgery Vulnerability
Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation USA. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A cross-site request forgery vulnerability exists in Microsoft ASP.NET Core...
Hikvision iVMS-4200 Password Recovery Vulnerability
Hikvision iVMS-4200 is a suite of video surveillance software from Hikvision China. A security vulnerability exists in Hikvision iVMS-4200 that allows local attackers to exploit the vulnerability to generate password recovery code...
Legal Robot: No notification on change password feature
A security researcher discovered that Legal Robot did not send notifications on important account changes, like password changes. While there was no specific security vulnerability, we decided to add notifications for Password Change, TOTP Enable/Disable, U2F Enable/Disable, Recovery Code Use, an...
Legal Robot: Missing link to 2FA recovery code
While going live with additional 2FA options, a security researcher discovered that while we provide a TOTP fallback and Recovery code fallback for users that have enabled U2F, we neglected to do this for TOTP-only users. All users that have enabled TOTP or U2F 2FA should have been able to access...
UBUNTU-CVE-2015-8889
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067...
OracleVM 3.1 : xen (OVMSA-2013-0043)
The remote OracleVM system is missing necessary patches to address critical security updates : - x86/xsave: properly check guest input to XSETBV Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a GP to occur upon...
Microsoft Protects User Accounts with New Security Features
Microsoft announced yesterday that it will complement the two-factor authentication it enabled for account holders in April with additional security features designed to deny account hijacking and unauthorized access. Windows PC and mobile users, along with Outlook, SkyDrive, Xbox, Skype and othe...