11 matches found
PT-2026-41428
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...
How to set up two factor authentication (2FA) on your Instagram account
Two-factor authentication (2FA) isn't foolproof, but it is one of the best ways to protect your accounts from hackers. It adds a small extra step when logging in, but that extra effort pays off. Instagram’s 2FA requires an additional code whenever you try to log in from an unrecognized device or...
EUVD-2018-20338
Malware in sbrugna...
PT-2025-34111
Foxit PDF Reader 4.3.1.0218 exposes a JavaScript API function, createDataObject, that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code...
CVE-2018-8728
server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in "kontena master login --remote" code display, as demonstrated by /codecode= in a URI...
H3C ER Series Path Traversal Vulnerability
The H3C ER Series is a series of routers from China's Xinhua San H3C Corporation. A path traversal vulnerability exists in the H3C ER Series; it stems from code in /userLogin.asp that could lead to path traversal...
PT-2021-18213 · Unknown · Scratchoauth2
Name of the Vulnerable Software and Affected Versions: ScratchOAuth2 (affected versions not specified). Description: The issue allows a third-party site to access and modify a Scratch user's data by pretending to be the user and obtaining a login code from ScratchOAuth2. This is achieved through a...
Instacart: shopper login_code's can be brute forced
Hi, I didn't see in the scope of your program, but it is a security weakness, so you must know this. If you don't care about shoppers' accounts then you can just mark this report as informative. First I tried to register a shopper account at https://shoppers.instacart.com/ Used a fake email addre...
Debian DSA-1514-1 : moin - several vulnerabilities
Several remote vulnerabilities have been discovered in MoinMoin, a Python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-2423 A cross-site-scripting vulnerability has been discovered in attachment handling. - CVE-2007-2637 Access...
DSA-1514-1 moin
Bulletin has no description...
Webeveyn Whomp! Real Estate Manager 2005 - Login SQL Injection
source: https://www.securityfocus.com/bid/16544/info Whomp! Real Estate Manager is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in ...