Lucene search
K

61 matches found

Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.5 views

Buy It Now, Track Me Later: Attacking User Privacy Via Wi-Fi AP Online Auctions

Static and hard-coded layer-two network identifiers are well known to present security vulnerabilities and endanger user privacy. In this work, we introduce a new privacy attack against Wi-Fi access points listed on secondhand marketplaces. Specifically, we demonstrate the ability to remotely...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:14 a.m.6 views

CVE-2024-20431

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this...

5.8CVSS5.8AI score0.00385EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2025/05/14 9:28 p.m.12 views

Google to pay $1.38 billion over privacy violations

The state of Texas reached a mammoth financial agreement with Google last week, securing $1.375 billion in payments to settle two three year-old lawsuits. The Office of Texas Attorney General Ken Paxton originally filed the first lawsuit against Google in January 2022, complaining that the tech...

7AI score
Exploits0
CNVD
CNVD
added 2024/10/31 12:0 a.m.7 views

Cisco Firepower Threat Defense Code Issue Vulnerability (CNVD-2024-44487)

Cisco Firepower Threat Defense FTD is a suite of unified software from the U.S. company Cisco Cisco that provides next-generation firewall services. Cisco Firepower Threat Defense has a code issue vulnerability that stems from improper allocation of geolocation data. An attacker could exploit the...

5.8CVSS6.9AI score0.00385EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/23 12:0 a.m.3 views

Cisco Firepower Threat Defense 安全漏洞

Cisco Firepower Threat Defense FTD is a suite of unified software from the U.S. company Cisco Cisco that provides next-generation firewall services. Cisco Firepower Threat Defense has a code issue vulnerability that stems from improper allocation of geolocation data. An attacker could exploit the...

5.8CVSS7AI score0.00385EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/02/29 5:3 a.m.29 views

President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations

U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House sai...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/03 8:5 a.m.4 views

FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring

The U.S. Federal Trade Commission FTC has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. This comprises a $25 million penalty for breaching children's privacy laws by retaining their Alexa voice recordings for...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/01 3:14 p.m.8 views

New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

A previously unknown advanced persistent threat APT is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.4 views

Slims9 Bulian 安全漏洞

Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g., books, journals, digital files, and other library materials and administration. A security vulnerability exists in Slims9 Bulian version v9.5.2. An attacker...

7.5CVSS7.4AI score0.00747EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2023/04/11 12:30 p.m.24 views

Answer vulnerable to Insertion of Sensitive Information Into Sent Data

answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...

7.6CVSS6AI score0.00586EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.6 views

PT-2023-17383 · Unknown · Answerdev/Answer

Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.8 Description: The issue concerns the insertion of sensitive information into sent data. Specifically, answerdev/answer, an open-source knowledge-based community software, does not strip EXIF geolocation...

7.6CVSS7.5AI score0.00586EPSS
Exploits1References9
HackRead
HackRead
added 2022/07/01 8:57 p.m.17 views

Report Claims Coinbase Selling User Geolocation Data to ICE

By Deeba Ahmed Tech Inquiry’s Jack Paulson has shared startling details about a 3-year contract between the US Department of Homeland… This is a post from HackRead.com Read the original post: Report Claims Coinbase Selling User Geolocation Data to ICE...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/02/27 10:28 a.m.52 views

Insecure Storage of Sensitive Information

Vulnerability name: EXIF Geolocation Data Not Stripped From Uploaded Images vulnerability Description:- When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of microweber users like their...

4CVSS0.4AI score0.01074EPSS
Exploits1References3
OSV
OSV
added 2020/11/11 11:15 p.m.1 views

CVE-2020-26220

toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc if present. The issue is fixed in version 2.0...

3.5CVSS6.4AI score
Exploits0References2
The Hacker News
The Hacker News
added 2020/09/22 1:2 p.m.5 views

Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location

A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn't include any personal details such as names or addresses. The...

5.8AI score
Exploits0
Hacker One
Hacker One
added 2020/06/24 3:26 p.m.306 views

IRCCloud: IDOR with Geolocation data not stripped from images

Vulnerable URL :- https://usercontent.irccloud-cdn.com/file/0wXMTrPu/hgjbk Vulnerability Discription: When an image is taken using a smartphone or camera certain metadata fields are often attached to it. These fields could include the model of the camera, the time it was taken, whether the flash...

6.7AI score
Exploits0
Kitploit
Kitploit
added 2020/04/13 12:0 p.m.82 views

Sherloq - An Open-Source Digital Image Forensic Toolset

An open source image forensic toolset Introduction "Forensic ImageAnalysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with law enforcement applications...

7.2AI score
Exploits0References1
OSV
OSV
added 2019/09/16 6:15 p.m.5 views

UBUNTU-CVE-2019-15740

An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads...

5.3CVSS5.8AI score0.01608EPSS
Exploits0References3
0day.today
0day.today
added 2019/09/03 12:0 a.m.62 views

Craft CMS 2.7.9/3.2.5 - Information Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title : CraftCms Users information disclosure From uploaded File Author Discovered By : Mohammed Abdul Raheem Author's Company Name : TrekShield IT Solution Vendor Homepage:https://craftcms.com/ Software Information Link:...

5CVSS5.4AI score0.07968EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/09/02 12:0 a.m.450 views

Craft CMS 2.7.9/3.2.5 - Information Disclosure

Exploit Title : CraftCms Users information disclosure From uploaded File Author Discovered By : Mohammed Abdul Raheem Author's Company Name : TrekShield IT Solution Author Exploit-db : https://www.exploit-db.com/?author=9783 Found Vulnerability On : 20-07-2019 Vendor Homepage:https://craftcms.com...

5.3CVSS5.6AI score0.07968EPSS
Exploits4
Rows per page
Query Builder