
38 matches found

Malwarebytes
added 2026/02/10 1:28 p.m., 3 views

Man tricked hundreds of women into handing over Snapchat security codes

Fresh off a breathless Super Bowl Sunday, we're less thrilled to bring you this week's Weirdo Wednesday. Two stories caught our eye, both involving men who crossed clear lines and invaded women's privacy online. Last week, 27-year-old Kyle Svara of Oswego, Illinois admitted to hacking women's...

5.5 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-40746

Malicious code in bioql PyPI...

6.1 CVSS | 6.4 AI score | 0.00538 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-46026

Malicious code in bioql PyPI...

7.5 CVSS | 6.5 AI score | 0.00165 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 5:4 a.m., 4 views

CVE-2023-36816

2FA is a Web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Cross site scripting XSS injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3...

6.1 CVSS | 6.3 AI score | 0.00538 EPSS
Exploits: 1

NVD
added 2024/11/20 2:15 p.m., 11 views

CVE-2024-52597

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One o...

6.1 CVSS | 0.00831 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2024/11/20 2:1 p.m., 9 views

CVE-2024-52597 2FAuth vulnerable to stored cross-site scripting via SVG upload and direct access render

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One o...

6.1 CVSS | 6.1 AI score | 0.00831 EPSS
Exploits: 1 | References: 2

OSV
added 2024/11/20 2:1 p.m., 7 views

CVE-2024-52597 2FAuth vulnerable to stored cross-site scripting via SVG upload and direct access render

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One o...

6.1 CVSS | 5.8 AI score | 0.00831 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2023/07/03 4:12 p.m., 12 views

CVE-2023-36816 Cross-Site Scripting (XSS) at Account creation in 2FAuth

2FA is a Web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Cross site scripting XSS injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3...

6.1 CVSS | 6.6 AI score | 0.00538 EPSS
Exploits: 1 | References: 2

0day.today
added 2021/09/10 12:0 a.m., 163 views

ECOA Building Automation System Cookie Poisoning / Authentication Bypass Vulnerabilities

ECOA building automation systems suffer from a cookie poisoning vulnerability that allows for authentication bypass. Many versions are affected. ECOA Building Automation System Cookie Poisoning Authentication Bypass Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected...

0.5 AI score
Exploits: 0

0day.today
added 2021/09/10 12:0 a.m., 230 views

ECOA Building Automation System Cross Site Request Forgery Vulnerability

ECOA building automation systems suffer from a cross site request forgery vulnerability. Many versions are affected. ECOA Building Automation System Cross-Site Request Forgery Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - E...

0.2 AI score
Exploits: 0

Zero Science Lab
added 2021/09/08 12:0 a.m., 261 views

ECOA Building Automation System Hidden Backdoor Accounts and backdoor() Function

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

9.8 CVSS | 7.3 AI score | 0.00417 EPSS
Exploits: 1

Zero Science Lab
added 2021/09/08 12:0 a.m., 218 views

ECOA Building Automation System Missing Encryption Of Sensitive Information

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

7.3 CVSS | 7.2 AI score | 0.00177 EPSS
Exploits: 1

ThreatPost
added 2020/10/02 7:48 p.m., 38 views

Account Takeover Fraud Losses Total Billions Across Online Retailers

Account takeover ATO attacks are on the rise, and in fact have become a go-to attack of choice cybercriminals of all stripes. In fact, in 2019 alone, ATO attacks cost consumers and e-commerce retailers a whopping $16.9 billion in losses. To be clear, ATO fraud isn’t new, it’s been a concern for...

6.7 AI score
Exploits: 0 | References: 8

0day.today
added 2018/05/30 12:0 a.m., 61 views

MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Vulnerabilities

Exploit for php platform in category web applications Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google...

0.3 AI score | 0.12669 EPSS
Exploits: 7

CNVD
added 2016/03/07 12:0 a.m., 2 views

Information Disclosure Vulnerability in Multiple Netgear Devices

Netgear is a global leader in enterprise networking solutions and a champion of digital home networking applications. An information disclosure vulnerability exists in a number of Netgear devices, where the device has an authentication bypass page that can be exploited by an attacker to obtain...

7.5 CVSS | 6.5 AI score | 0.00955 EPSS
Exploits: 0 | References: 1

ThreatPost
added 2015/07/10 2:9 p.m., 7 views

Two Dozen Zoos Potentially Hit by Data Breach

Anyone who’s visited one of two dozen zoos across America over the last several months may want to check their credit and debit card statements. A third party operator of concessions and retail services at zoos from Hawaii to Florida acknowledged this week that it was hit by a data breach earlier...

0.8 AI score
Exploits: 0 | References: 3

seebug.org
added 2014/07/01 12:0 a.m., 18 views

Gazelle CMS 1.0 - Remote Arbitrary Shell Upload Vulnerability

No description provided by source. ==================================================== | Gazelle CMS 1.0 Remote Arbitrary File Upload Vuln | My Home Page : WwW.Sec-Code.CoM | Founded By RoMaNcYxHaCkEr ==================================================== ! Discovered.: RoMaNcYxHaCkEr ! Vendor.......

7.1 AI score
Exploits: 0

The Hacker News
added 2013/03/22 5:49 a.m., 15 views

Apple adds two-factor authentication to iCloud and Apple ID

Apple is beefing up the security of its iCloud and Apple ID accounts by adding two-factor authentication to the account login process. Users who activate the option will be required to enter a four-digit code they may receive via SMS message, aside from the usual password. Two-factor authenticati...

7 AI score
Exploits: 0

ThreatPost
added 2011/06/09 3:19 p.m., 14 views

Citigroup Admits Info on 200K Customers Stolen in Network Compromise

Citigroup is warning its credit card users that attackers have stolen account information belonging to 200,000 customers. The breach apparently was discovered last month. The attackers who compromised Citigroup’s network were able to get customer names, account numbers and other data, including...

1.4 AI score
Exploits: 0 | References: 4

exploitpack
added 2009/09/02 12:0 a.m., 14 views

Ve-EDIT 0.1.4 - highlighter Remote File Inclusion

Ve-EDIT 0.1.4 - highlighter Remote File Inclusion ==================================================== | Ve-EDIT v 0.1.4 Remote File Include Vulne | My Home Page : WwW.Sec-Code.CoM | Founded By RoMaNcYxHaCkEr ==================================================== ! Discovered.: RoMaNcYxHaCkEr !...

0.4 AI score
Exploits: 0