Security Bulletin: An unauthorized attacker who has obtained an IBM Watson IoT Platform security authentication token can use it to impersonate an authorized platform user (CVE-2023-38372)
Summary: Guidance on best practices to mitigate or avoid compromise in case an unauthorized attacker obtains an IBM Watson IoT Platform security authentication token (CVE-2023-38372). Vulnerability Details: CVEID: CVE-2023-38372 DESCRIPTION: IBM Watson IoT Platform contains a vulnerability that could...
Payment Giant Exposed 9 Million Credit Card Transaction Records
By Habiba Rashid The trove of sensitive data belonging to California-based Cornerstone Payment Systems was left exposed on a misconfigured server without any security authentication. This is a post from HackRead.com Read the original post: Payment Giant Exposed 9 Million Credit Card Transaction...
The Telegraph newspaper exposed 10TB of subscriber data
By Deeba Ahmed The data was exposed due to an unprotected Elasticsearch cluster and remained open to public access without any security authentication.
Calgary Parking Authority exposed sensitive data of residents
By Waqas In total, CPA exposed 502 GB worth of data without any security authentication.
Logistics giant exposes customer data, Lolz at researchers when alerted
By Habiba Rashid At the time of publishing this article, the data belonging to Bergen Logistics was available for public access without any security authentication.
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...
Data scraping firm leaks 235m Instagram, TikTok, YouTube user records
By Sudais Asif According to researchers, the trove of data was left for public access without any security authentication.
Huawei Data Communication: Security authentication configuration for NTP clients and level-2 or multi-level servers
Configure security verification for the NTP client and level-2 or multi-level servers. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
Gaming controllers manufacturer exposed 1.1M customer records
By Sudais Asif The company, a known manufacturer of gaming controllers and other accessories, had left the database exposed to malicious actors without any security authentication.
Logic Flaw Vulnerability in the Security Authentication of a Dahua Webcam Model
Zhejiang Dahua Technology Co., Ltd, is a video-centered intelligent IOT solution provider and operation service provider. A logic flaw vulnerability exists in the security authentication of a Dahua webcam model, which allows an attacker to forge packets and call the interface to execute arbitrary...
CVE-2018-19000
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data...
CVE-2018-16737
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation...
Security Bulletin: CLI access security issue on IBM System Storage Storwize V7000 Unified (CVE-2014-0880)
Summary: CLI security issue. Vulnerability Details: CVEID: CVE-2014-0880 DESCRIPTION: An unauthorized user with network access to a system's administrative IP (Internet Protocol) address may be able to gain access to the block CLI (Command Line Interface) of the system, allowing the user to issue all...
DokuWiki fetch.php SSRF vulnerability
Author: baolongniucow protection Dragon. About DokuWiki: DokuWiki is an open source wiki engine that runs on PHP. It is small but powerful and flexible, and is suitable for knowledge base management by small teams and on personal websites. Vulnerability description: DokuWiki latest...
Thomson CableHome Gateway (DWG849) Information Exposure
This host has Thomson CableHome Gateway (DWG849) and is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
TinySRP Buffer Overflow
Dear Fulldisclosure, I submitted the below vulnerability to the HP Zero Day Initiative. They responded that they are not interested in vulnerabilities in this "product". Further, I tried to contact one of the authors Eric A. Young; the email bounced. I am busy with my day job and do not have the...
CVE-2008-7019
Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies...
CVE-2008-3375
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMUCookie cookie...
CVE-2007-3974
admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters...
Problem when signing up for new user Account from login page
I signed up for a new user account from the login page, filled in a username, password, name and e-mail. Then I tried to login with the new username and got this exception: java.lang.NullPointerException at com.opensymphony.module.user.User.getGroups(User.java:94) at...