72 matches found
PT-2024-36357 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.2 Description: A malicious application may be able to determine a user's current location. The issue was resolved by sanitizing logging. Recommendations: For versions prior to 15.2, update to macOS Sequoia 15.2 to...
CVE-2024-27839
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location...
CVE-2024-27839
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location...
FTC Bans InMarket for Selling Precise User Location Without Consent
The U.S. Federal Trade Commission FTC is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their...
CVE-2023-31217
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in MyTechTalky User Location and IP plugin = 1.6 versions...
CVE-2023-31217
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in MyTechTalky User Location and IP plugin = 1.6 versions...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in MyTechTalky User Location and IP plugin = 1.6 versions...
CVE-2023-31217 WordPress User Location and IP Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in MyTechTalky User Location and IP plugin = 1.6 versions...
CVE-2023-31217
CVE-2023-31217 is a stored XSS vulnerability in the WordPress plugin MyTechTalky User Location and IP . Affected versions are reported as 1.6 and earlier (some sources indicate up to 1.7). The issue arises from input handling in the plugin’s user-location/IP feature, enabling stored cross-site sc...
WordPress Plugin User Location and IP Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress User Location and IP Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
Software User Location and IP Type Plugin Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-31217 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8aceab066d00 Credits deokhunKim Required...
CVE-2023-38605
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location...
CVE-2023-36862
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location...
WhosHere Plus. Trilateration vulnerability
WhosHere Plus is a dating app that uses GPS data to recommend users near to each other, based on similar interests. PTP constantly researches the state of privacy and security in apps that use GPS data, because the consequences of poor security and privacy are alarming: Tracking and snooping on a...
SUSE CVE-2009-4629
Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APPTYPEMAIL or APPTYPEEDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as...
GHSA-J8CX-J9J2-F29W Insecure Storage of Sensitive Information in Microweber
Microweber prior to version 1.3 does not strip images of EXIF data, exposing information about users' locations, device hardware, and device software...
Shazam Vulnerability exposed location of Android, iOS users
By Sudais Asif The vulnerability in Shazam was identified in 2019 but the details of it were only revealed last week. Cant find out whats the name of that song on television? You know wholl help - Shazam. Recently though, a vulnerability found in the popular app which could allow a malicious acto...
New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data
As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service DoS attacks to deprive subscribers of...
Authentication Bug Opens Android Smart-TV Box to Data Theft
A critical bug in the Hindotech HK1 TV Box would allow root-privilege escalation thanks to improper access control. A successful exploit would allow attackers to steal social-networking account tokens, Wi-Fi passwords, cookies, saved passwords, user-location data, message history, emails, contact...
US Secret Service used ‘Locate X’ to track user location without warrant
By Zara Khan Locate X collects location data from smartphone apps. This is a post from HackRead.com Read the original post: US Secret Service used Locate X to track user location without warrant...