PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate...

CVE-2013-10013

A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection...

Sql injection

A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection...

CVE-2013-10013 Bricco Authenticator Plugin DBAuthenticator.java compare sql injection

A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection...

CVE-2013-10013

The CVE concerns the Bricco Authenticator Plugin, specifically the DBAuthenticator.java authenticate/compare path. The vulnerability allows SQL injection due to improper handling in that function. Affected versions are prior to 1.39. Upgrading to version 1.39 addresses the issue (patch a5456633ff...

Bricco Authenticator Plugin SQL注入漏洞

Bricco Authenticator Plugin is an open source Escenic plugin from Bricco that provides cookie-based authentication for publishing. Bricco Authenticator Plugin suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to cause sql injection...

PT-2023-10002 · Unknown · Bricco Authenticator Plugin

Name of the Vulnerable Software and Affected Versions: Bricco Authenticator Plugin versions prior to 1.39 Description: A critical issue was found in the Bricco Authenticator Plugin, affecting the authenticate/compare function of the DBAuthenticator.java file. This issue leads to sql injection...

SpyNote Strikes Again: Android Spyware Targeting Financial Institutions

Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022 that combines both spyware and banking trojan characteristics. "The reason behind this increase is that the developer of the spyware, who was previously selling it to other...

CVE-2022-3994

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...

CVE-2022-3994

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...

CVE-2022-3994 Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...

CVE-2022-3994

The CVE-2022-3994 issue affects the Authenticator WordPress plugin prior to version 1.3.1. The root cause is the plugin not restricting subscribers from updating a site's feed access token, which may deny other users access to the feature in certain configurations. The documented impact is increa...

CVE-2022-3994 Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...

PT-2023-13734 · WordPress · Authenticator

Name of the Vulnerable Software and Affected Versions: Authenticator WordPress plugin versions prior to 1.3.1 Description: The issue arises from the plugin's failure to restrict subscribers from updating a site's feed access token. This could potentially deny other users access to certain...

WordPress plugin Authenticator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Google Authenticator has an unspecified vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...

WordPress miniOrange Two-Factor Authentication plugin <= 5.6.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Calvin Alkan in WordPress miniOrange Two-Factor Authentication plugin versions = 5.6.1. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at least 5.6.2...

CVE-2022-42461

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...

CVE-2022-42461

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...

Improper access control

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...