151 matches found
CVE-2020-26801
A stored cross-site scripting XSS vulnerability was discovered in /Forms/devicevars1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers to obtain other users' information via a crafted POST request...
LabCup 授权问题漏洞
LabCup is a laboratory and research organization software management system from LabCup Ireland. It helps academic researchers and safety officers with chemical inventory management, risk assessment and compliance. An authorization issue vulnerability exists in LabCup, which arises from the abili...
VulnCheck KEV: CVE-2019-9880
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username...
Fashion marketplace giant 21 Buttons exposes millions of users’ data
By Sudais Asif According to researchers, the misconfigured AWS bucket is still exposed and 21 Buttons has not responded to them. This is a post from HackRead.com Read the original post: Fashion marketplace giant 21 Buttons exposes millions of users data...
Animal Jam data breach – Hacker leaks database with millions of accounts
By Waqas The developer of famous online playground Animal Jam has suffered a data breach that exposed tens of millions of users' data. This is a post from HackRead.com Read the original post: Animal Jam data breach - Hacker leaks database with millions of accounts...
CVE-2020-15263 XSS in platform
In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4...
Mail.ru: Users information leak at sbermarket.ru
sbermarket.ru application could disclosure personal information from another request due to invalid caching settings...
CVE-2020-11813
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous...
Cross site scripting
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous...
Cloud Industry CMS has an overstepping vulnerability
Yunye CMS is an enterprise website building system developed by Luoyang Yunye Information Technology Co. Yunye CMS has an override vulnerability that can be exploited by attackers to obtain information about other users...
Shenzhen ShuoWin Interactive Information Technology Co., Ltd. website building system has unauthorized access vulnerabilities
Shenzhen Shuowin Interactive Information Technology Co., Ltd. is an Internet technology development, product design, economic and trade consulting and other projects. Shenzhen Shuowin Interactive Information Technology Co., Ltd. website building system has an overstepping vulnerability, attackers...
Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation
After months of negotiations, the United States Federal Trade Commission FTC has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal. The settlement will put an end to a wide-ranging probe that began more than a year ago and...
Information leakage vulnerability in the "personal data" section of the Palm Parent App
Palm Good Parent App is an educational software for parents. An information leakage vulnerability exists in the "Personal Information" section of Palm Parent App. Attackers can obtain information about other users by tampering with packets...
Apple Transfers Chinese Users' iCloud Data to State-Controlled Data Centers
There's terrible news for Apple users in China. Apple's Chinese data center partner has transferred iCloud data, belonging to 130 million China-based users, to a cloud storage service managed by a state-owned mobile telecom provider—raising concerns about privacy. Back in February this year, Appl...
Synology Surveillance Station File and Directory Information Disclosure Vulnerability
Synology Surveillance Station is a video management application from Synology, and User Profile is one of the user information storage files. An information disclosure vulnerability exists in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station versions prior to...
CVE-2016-2974
IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934...
Wingstop's Android App has an overstepping vulnerability
Yonganxing App is a service platform that guides green shared mobility in the city. Yonganxing Android App suffers from an overstepping vulnerability, where an attacker utilizes the signature algorithm of the data communicated with the server side to overstep its authority to view other users'...
GroupSession fails to restrict access permissions
Overview GroupSession provided by Japan Total System Co.,Ltd. is open source groupware. GroupSession fails to restrict access permissions. Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Ubiquiti Robotics Alpha2 Android app has a parallel override vulnerability
Ubitus is a company that integrates artificial intelligence and humanoid robotics research and development, platform software development and utilization, and product sales. A parallel override vulnerability exists in the Ubitus Robotics Alpha2 Android app. Due to the Ubiquiti Alpha2 Android app'...
CVE-2016-9416
SQL injection vulnerability in the users data handler in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...