54 matches found
Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on
Welcome to this week's edition of the Threat Source newsletter. Bidirectional communication is foundational to a well-built team regardless of environment. It's critical in information security to be able to drive a conversation up the ladder and down and not lose the critical elements. One of th...
junior-broker.com Improper Access Control vulnerability OBB-3802232
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
eClass Junior 4.0 SQL Injection
==================================================================================================================================== | Title : eClass Junior 4.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...
elearning.pioneergirlsjunioracademy.co.ke Cross Site Scripting vulnerability OBB-3711647
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
junior-shop.com Cross Site Scripting vulnerability OBB-3626543
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
belvederejuniorschool.co.uk Cross Site Scripting vulnerability OBB-3326327
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
junior-shop.com Cross Site Scripting vulnerability OBB-3172538
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
juniorchefs.com.au Cross Site Scripting vulnerability OBB-2833171
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2019-20473
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...
CVE-2019-20471
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used 123456 for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-2047...
Default credentials
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password,...
CVE-2019-20468
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READEXTERNALSTORAGE, WRITEEXTERNALSTORAGE, and READCONTACTS...
CVE-2019-20468
The CVE-2019-20468 entry applies to SeTracker2 for TK-Star Q90 Junior GPS watch, version 3.1042.9.8656. Affected component/behavior: the software requests unnecessary permissions (READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, READ_CONTACTS), enabling access to local data and contacts. Root cause...
CVE-2019-20473
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...
CVE-2019-20473
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...
CVE-2019-20473
The CVE concerns TK-Star Q90 Junior GPS horloge (version 3.1042.9.8656). It describes a PIN configuration issue: any SIM card attached to the device cannot have a PIN; if a PIN is configured, the device shows “Remove PIN and restart!” and becomes unusable. This makes it easier for an attacker to ...
CVE-2019-20471
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used 123456 for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-2047...
CVE-2019-20470
The TK-Star Q90 Junior GPS watch (firmware 3.1042.9.8656) is affected by CVE-2019-20470 and CVE-2019-20471. A default administrative password (123456) is used at initial setup and there is no prompt to change it. An SMS with the proper password, e.g., pw,,call,, can trigger the watch to initiate ...
PT-2021-9033 · Tk Star · Setracker2
Name of the Vulnerable Software and Affected Versions: SeTracker2 for TK-Star Q90 Junior GPS horloge version 3.1042.9.8656 Description: An issue was discovered in the software, where it has unnecessary permissions such as READ EXTERNAL STORAGE, WRITE EXTERNAL STORAGE, and READ CONTACTS...
TK-Star Q90 Junior GPS horloge security vulnerability
TK-Star Q90 Junior GPS horloge is a Gps location tracker from TK-Star, China. A security vulnerability exists in the TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices, which can be exploited by an attacker to more easily use a SIM card by stealing the device...