2565 matches found
CVE-2024-33003
Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...
CVE-2024-33003
CVE-2024-33003 affects SAP Commerce Cloud via the OCC API Endpoint component. The root issue is that certain OCC API endpoints may include PII (passwords, emails, mobile numbers, coupon/voucher codes) in the request URL as query or path parameters, leading to potential disclosure and integrity im...
GO-2024-3035 Filestash skips TLS certificate verification process when sending out email verification codes in github.com/mickael-kerjean/filestash
Filestash skips TLS certificate verification process when sending out email verification codes in github.com/mickael-kerjean/filestash...
Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes
A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least February 2022 as part of a large-scale campaign. The malicious apps, spanning over 107,000 unique samples, are designed to intercept one-time passwords (OTPs) used for online...
CVE-2024-41256
Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack...
OneDrive Pastejacking
OneDrive Pastejacking: The crafty phishing and downloader campaign By Rafael Pena · July 29, 2024 Over the past few weeks, the Trellix Advanced Research Center has observed a sophisticated Phishing/downloader campaign targeting Microsoft OneDrive users. This campaign heavily relies on social...
QR Codes: Convenience or Cyberthreat?
Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing)...
Windows Event Codes Generated by Provisioning Services BNIStack
...
CVE-2024-39340
The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has...
CVE-2024-39340
CVE-2024-39340 affects Securepoint UTM and related products. The authenticated OTP mechanism mishandles OTP keys, allowing bypass of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include Securepoint UTM 11.5 through ...
HackerOne: TOTP Authenticator implementation Accepts Expired Codes
Vulnerability description not provided...
(Pwn2Own) Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSIDs embedded in scanned QR codes. The issue results...
PT-2024-37479 · Wyze · Wyze Cam V3
Name of the Vulnerable Software and Affected Versions: Wyze Cam v3 (affected versions not specified). Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. The specific flaw exists within the handling of SSIDs...
CVE-2022-45168
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...
LIVEBOX Collaboration vDesk Security Vulnerability
LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v018 and prior versions, which stems from the application allowing a user to generate or regenerate backup code prior to checking TOTP, where a two-factor authentication...
CVE-2024-4468
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...