44 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-44120
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An...
Trello Data Breach: Hacker Dumps Personal Info of Millions of Users
The hacker behind the Trello data breach claims the data was stolen in January 2024 and can be…
How to Remove Your Personal Info From Google’s Search Results
Maybe you don’t want your phone number, email, home address, and other details out there for all the web to see. Here’s how to make them vanish...
CVE-2024-0469
A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updatepersonalinfo.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. Th...
Human Resource Integrated System SQL Injection Vulnerability
Human Resource Integrated System is a human resource integration system. A SQL injection vulnerability exists in code-projects Human Resource Integrated System version 1.0, which stems from a SQL injection vulnerability in the updatepersonalinfo.php file...
Biden’s SOTU: Data Privacy Is Now a Must-Hit US State of the Union Topic
Biden’s speech proves that protecting personal info is no longer a fringe issue. Now, Congress just needs to do something about it...
Third-Party Firm Exposes Personal Info for Nissan Customers
By Habiba Rashid. In total, 18,000 customers of Nissan North America, Inc. had their personal information exposed to the public by a third-party developer. This is a post from HackRead.com.
WhatsApp warns users: Fake versions of WhatsApp are trying to steal your personal info
WhatsApp boss Will Cathcart is warning users of the popular messaging app to be on their guard after the WhatsApp Security Team discovered bogus apps packing a hidden punch in the form of malware. Outside the safety of the walled garden App stores do whatever they can to try and prevent bogus...
MAL-2022-5304 Malicious code in personal-info (npm)
Source: ghsa-malware 6d1e719d266ae58644dcc385ad61d738755ad50df8975afd1f8526b97e02955d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in personal-info (npm)
Source: ghsa-malware 6d1e719d266ae58644dcc385ad61d738755ad50df8975afd1f8526b97e02955d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File
Description: Formula Injection/CSV Injection in "Firstname" & "Lastname" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept: 1. Go to Preferences from the user account and in Personal info of "Firstname" & "Lastname" insert the below payloads. 2. Payloads:-...
CVE-2022-0155 Exposure of Private Personal Information to an Unauthorized Actor in follow-redirects/follow-redirects
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor...
U.S. Dept Of Defense: DoD internal documents are leaked to the public
Hello Team, I found a zip file containing documents about DoD. From what I looked at are documents for new soldiers who are starting out, but I didn't just find these files but several others like advice, commander files, plans, certificates and others. ███ ██████ █████████ In some of the files I...
CVE-2021-21435
Article Bcc fields and agent personal information are shown when customer prints the ticket PDF via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions...
U.S. General Services Administration: TAMS registration details API for admins open at https://tamsapi.gsa.gov/user/tams/api/usermgmnt/pendingUserDetails/
Summary: TAMS administrators are supposed to approve or deny all registration requests. The dashboard that shows these administrators details of a registration request calls the endpoint https://tamsapi.gsa.gov/user/tams/api/usermgmnt/pendingUserDetails/REGISTRATIONID, where REGISTRATIONID is...
Information Disclosure
Firefox is vulnerable to information disclosure. The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission...
CVE-2012-1169
Moodle before 2.2.2 has a personal information disclosure issue: when the administrative setting for user name display is set to first name only, full names are shown in page breadcrumbs...
Streaming Video Fans Open to TV Hijacking
A suite of critical remote code-execution vulnerabilities in a streaming TV platform could expose entire databases of subscribers’ personal info and financial details – and could open the door to attackers hijacking the service, streaming any content they wish to customer screens. According to...
Khan Academy: Account takeover by changing email
The endpoint /signup/email allows users to change their email before they confirm their account email. This endpoint is not protected from CSRF. Thus, any account that is not yet "confirmed" is vulnerable to account takeover using the following steps: 1. Attacker obtains new email address not...
CVE-2018-13295
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter...