30 matches found
FBI Recovers Deleted Signal Messages Through iPhone Notifications
Signal messages may persist in iPhone notification data, enabling FBI access even after deletion, a court case reveals...
EUVD-2023-58616
Malicious code in bioql PyPI...
EUVD-2023-58583
Malicious code in bioql PyPI...
Windscribe Acquitted on Charges of Not Collecting Users’ Data
The company doesn't keep logs, so couldn't turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection...
Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users
A California federal judge has ordered spyware maker NSO Group to hand over the code for Pegasus and other spyware products that were used to spy on WhatsApp users. Meta-owned WhatsApp has been fighting NSO in court since 2019, after Pegasus was allegedly used against 1,400 WhatsApp users over th...
CVE-2023-6375
Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials...
CVE-2023-6354
Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter...
CVE-2023-6344
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable...
CVE-2023-6343
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The...
CVE-2023-6342
Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprintCM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01...
Information disclosure
Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials...
Default configuration
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable...
Design/Logic Flaw
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The...
CVE-2023-6375
Tyler Technologies Magistrate Court Case Management Plus stores backups insecurely, enabling remote, unauthenticated access. Backups may expose sensitive data, including database credentials. Root cause: insufficient access controls for backup locations. Impact: confidentiality risk; no exploitat...
CVE-2023-6344 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and te004.aspx allows authentication bypass
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable...
CVE-2023-6344
CVE-2023-6344 affects Tyler Technologies Court Case Management Plus and involves directory enumeration via the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. The underlying root cause is tied to a deprecated Aquaforest TIFF Server version (likely 2.x); the vulnerable TIFF Server feature...
CVE-2023-6343
The CVE describes a vulnerability in Tyler Technologies Court Case Management Plus related to the Aquaforest TIFF Server used for handling TIFF files. Affected component: Aquaforest TIFF Server (integrated via Tyler’s court management solution). Vulnerability occurs in TIFF Server features access...
CVE-2023-6343 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The...
CVE-2023-6343 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The...
CVE-2023-6342 Tyler Technologies Court Case Management Plus "pay for print" allows authentication bypass
Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprintCM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01...