18 matches found
Friday Squid Blogging: Squid Purses
Squid-shaped purses for sale. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
how-many-bags-fit.com Cross Site Scripting vulnerability OBB-3886660
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Mars: Attacker can add two free bags offered by the site at the same time.
A vulnerability was found on the website that allowed an attacker to add two free bags offered by the site simultaneously, despite the restriction of choosing only one. This was achieved by manipulating the API responsible for adding the free bags to the cart...
andybags.cz Cross Site Scripting vulnerability OBB-3336831
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE-SU-2023:0468-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS12 safe bag types...
carbottibags.com Cross Site Scripting vulnerability OBB-3117177
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
A gym heist in London goes cyber
A thief has been stalking London. This past summer, multiple women reported similar crimes to the police: While working out at their local gyms, someone snuck into the locker rooms, busted open their locks, stole their rucksacks and gym bags, and then, within hours, purchased thousands of pounds ...
DEF CON 30. Hacking EFBs. Engine Performance
At DEF CON 30 this year we demonstrated some vulnerabilities in electronic flight bags and the potential impact on flight safety. There’s plenty more detail of EFB security issues here. As part of the Aerospace Village at DEF CON 30, we invited people to fly our flight sim under instruction from...
Attacking EFB updates
Software: So who actually develops the software installed on Electronic Flight Bags (EFBs)? The software can originate from a large range of sources: system software developers, including the OS, drivers, firmware and utility; the aircraft manufacturer, for Installed & Portable EFB devices; the airline...
CMC Electronics EFB breakout vulnerability
We’ve been finding vulnerabilities in electronic flight bags for a few years now. Disclosure response from the vendors involved has varied from excellent to radio silence. In every case we have tried extremely hard to engage with the vendors involved, even where we were ignored. We asked friendly...
GHSA-49FJ-QP6P-Q544 Variable Tampering within joomla/input class
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data...
delta-bags.de Improper Access Control vulnerability OBB-1433432
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
michael-kors-bags.us Cross Site Scripting vulnerability OBB-1396350
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
"Access denied" error when you use a Windows Store app to configure printer property settings in Windows
This article describes an issue that occurs when you use a Windows Store app in Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2. An update is available to resolve this issue. Before you...
mpi.mb.ca XSS vulnerability
Vulnerable URL: https://www.mpi.mb.ca/en/Rd-Safety/Occupant-Protection/Pages/air-bags.aspx?FollowSite=0=%27-confirm%27OPENBUGBOUNTY%27-%27 Details: Patched: No; Latest check for patch: 27.12.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa...
Sarenza - shoes & bags - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Sarenza - shoes & bags published at the 'play' market has multiple vulnerabilities...
net-a-porter.com XSS vulnerability
Vulnerable URL: http://www.net-a-porter.com/ca/en/d/Shop/Bags/?imageview=outfit--alert'XSSPOSED'...
Amoy Empire system background cookie spoofing vulnerability and the background to get shell-vulnerability warning-the black bar safety net
An accidental discovery: the background of the Amoy Empire free version can be fooled with a cookie trick. Tools: the Veteran's cookies cheat tool. Keywords: classification - Mall - brand - woman - man - beauty - shoes and bags - digital - home - food. First open the tool and set the cookie to COOKIEadminuser=admin;...