Konica Bizhub Multifunction Printers Use of Weak Credentials (CVE-2024-51978)

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

VulnCheck KEV: CVE-2024-51978

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

CSAM Strengthens Attack Surface Coverage and Risk Assessment With Third-Party Connectors

Organizations using Qualys CyberSecurity Asset Management CSAM can now import asset data from any external system into the Enterprise TruRisk Platform. With third-party connectors, you will identify any existing coverage gaps and add business context to your unified inventory, helping you...

Pornhub: Blind SQL injection and making any profile comments from any users to disappear using "like" function (2 in 1 issues)

Researcher found a blind SQL injection in the profile comment Like functionality, executing on the second request made for a given comment dislikes. Summary The injection was found manually, used discovery methods are basically the same as described in this awesome article by @gerbenjavado:...