Securing GraphQL API
Introduction to GraphQL Representational state transfer REST APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP...
Operational resilience in a remote work world
Microsoft CEO Satya Nadella recently said, “We have seen two years’ worth of digital transformation in two months.” This is a result of many organizations having to adapt to the new world of document sharing and video conferencing as they become distributed organizations overnight. At Microsoft, ...
steuerberaten.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1164528 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
CVE-2020-12859
The CVE concerns COVIDSafe’s OpenTrace/BlueTrace protocol (up to v1.0.17). Unnecessary fields in the protocol payload allow a remote attacker to identify a device model by observing cleartext data, enabling re-identification of devices, particularly for less common phone models or in low-density ...
CVE-2020-12685
XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript...
CVE-2020-6243
The CVE-2020-6243 entry affects SAP Adaptive Server Enterprise (XP Server on Windows), specifically versions 15.7 and 16.0. The root cause is that the extended stored procedure execution may not perform necessary checks for an authenticated user, allowing an attacker to read, modify, or delete re...
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko...
yattag.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1158981 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Zoho ManageEngine DataSecurity Plus DataEngine Xnode Server Application Path Traversal Vulnerability
Zoho ManageEngine DataSecurity Plus is a sensitive data management solution from Zoho USA. The product features data leakage prevention, data risk assessment and file server auditing. A path traversal vulnerability exists in the Zoho ManageEngine DataSecurity Plus DataEngine Xnode Server...
Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack
Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost’s server management infrastructure. Ghost is a free,...
CVE-2019-4288
IBM Maximo Anywhere versions 7.6.2.x and 7.6.3.x are affected by CVE-2019-4288, an information disclosure where an attacker with physical access and authenticated to the device could copy application information via Android Backup. The vulnerability is caused by the product’s handling of backups,...
The Covid-19 Pandemic Reveals Ransomware's Long Game
Hackers laid the groundwork months ago for attacks. Now they're flipping the switch...
Code injection
When a user downloads PGP or S/MIME keys/certificates, the exported file has the same name for private and public keys. Therefore it is possible to mix them up and send the private key to a third party instead of the public key. This issue affects OTRS Community Edition: 5.0.42 and prior versions, 6.0.27 and prio...
CVE-2020-5869
CONTEXT: CVE-2020-5869 affects F5 BIG-IQ HA synchronization. Affected software: BIG-IQ 5.2.0–7.0.0. ROOT CAUSE: TLS protection for HA sync is not secure, enabling potential on-path interception or tampering of confidential data in transit. IMPACT: confidentiality and integrity of BIG-IQ HA data m...
actioncurrency.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1149319 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Improper access control
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings...
NFL Tackles Cybersecurity Concerns Ahead of 2020 Draft Day
The NFL draft is slated to start Thursday, and thanks to the COVID-19 pandemic, it will be the first virtual version of the event ever presented. This raises a few cybersecurity concerns, according to researchers and the teams themselves — but the NFL is planning on knocking the security ball...
Folder Lock 3.4.5 Cross Site Scripting
Document Title: Folder Lock v3.4.5 iOS - Multiple Web Vulnerabilities. References Source: https://www.vulnerability-lab.com/getcontent.php?id=2210. Release Date: 2020-04-20. Vulnerability Laboratory ID VL-ID: 221...
bejoradio.fm Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1147397 Security Researcher g0bl1nsec, a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting bejoradio.fm website and...
Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...