6 matches found
CVE-2023-30643
CVE-2023-30643 concerns Samsung Galaxy Themes Service. A missing authentication vulnerability allows local attackers to delete arbitrary non-preloaded applications. Affected product: Galaxy Themes Service in Samsung mobile devices (prior to SMR Jul-2023 Release 1). Root cause: missing authenticat...
Google Mandates Android Apps to Offer Easy Account Deletion In-App and Online
Google is enacting a new data deletion policy for Android apps that allow account creation, requiring them to also offer users a setting to delete their accounts, in an attempt to provide more transparency and control over their data. "For apps that enable app account creation, developers will soon need to...
Cross-Site Request Forgery (CSRF) in emoncms/emoncms
✍️ Description In a CSRF attack, if your users go to the attacker's website and click the malicious link, then they are able to steal users' cookies, submit unwanted data, .... 🕵️‍♂️ Proof of Concept 1. You log in to your account 2. You make a file containing the following HTML file. 3. open html as victim site...
CVE-2017-9381
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not implement any cross-site request forgery protection...
Smart ATM offers Cardless Cash Withdrawal to Avoid Card Skimmers
Banks have made every effort, from providing magnetic-stripe credit and debit cards to Chip-and-PIN cards, to protect their users from credit card cloning and card skimmers. It has been known for years that magnetic stripes are incredibly hackable, but Chip-n-Pin cards have also bee...
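Multiple CSRF vulnerabilities in UCenter (allowing data backup, application deletion, administrator deletion, etc.)
Brief description: Multiple CSRF vulnerabilities in UCenter (allowing data backup, application deletion, administrator deletion, etc.) Detailed description: UCenter has many places that do not check formhash... all of them are open to CSRF... Proof of vulnerability: 1 Delete application: formhash is empty, submitted successfully 2 Delete administrator: formhash is empty, deleted successfully 3 Back up data: no formhash, directory name is controllable img src="https://images.seebug.org/upload/201410/041241325af3f4ef84e017e7a80...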