25 matches found
EUVD-2017-0357
Malware in sbrugna...
EUVD-2013-5033
Malware in sbrugna...
EUVD-2022-32984
Malicious code in bioql PyPI...
Efficient Retail Video Annotation: a Robust Key Frame Generation Approach for Product and Customer Interaction Analysis
Accurate video annotation plays a vital role in modern retail applications, including customer behavior analysis, product interaction detection, and in-store activity recognition. However, conventional annotation methods heavily rely on time-consuming manual labeling by human annotators,...
CVE-2013-5193
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials...
CVE-2025-25300 smartbanner.js rel noopener XSS vulnerability
smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner View link and navigating to 3rd party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...
Online Computer and Laptop Store SQL injection vulnerability
Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Online Computer and Laptop Store version 1.0, which stems from the id parameter in the file /admin/maintenance/managebrand.php that can lead to SQL...
PT-2024-18781 · Samsung · Galaxy Store
Name of the Vulnerable Software and Affected Versions: Galaxy Store versions prior to 4.5.71.8 Description: The issue is related to improper verification of intent by a broadcast receiver in Galaxy Store, allowing local attackers to write arbitrary files with the privilege of Galaxy Store...
Cosmetics and Beauty Product Online Store security vulnerability
Cosmetics And Beauty Product Online Store is an online store for cosmetics and beauty products by Carlo Montero, an individual developer. A security vulnerability exists in Cosmetics and Beauty Product Online Store v1.0, which originates from a cross-site scripting vulnerability in the Last Name...
Cosmetics and Beauty Product Online Store security vulnerability
Cosmetics And Beauty Product Online Store is an online store for cosmetics and beauty products by Carlo Montero, an individual developer. A security vulnerability exists in Cosmetics and Beauty Product Online Store v1.0, which originates from a cross-site scripting vulnerability in the Search...
CVE-2023-47110 Any value can be changed in the configuration table by an employee having access to block reassurance module
blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4...
Google Blocks 1.43 Million Malicious Apps, Bans 173,000 Bad Accounts in 2022
Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being published to the Play Store in 2022. In addition, the company said it banned 173,000 bad accounts and fended off over $2 billion in fraudulent and abusive transactions...
Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!
An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known ...
TangleBot Malware Reaches Deep into Android Device Functions
An Android malware called TangleBot has weaved its way onto the cyber-scene: One that researchers said can perform a bouquet of malicious actions, including stealing personal info and controlling apps and device functions. According to Cloudmark researchers, the newly discovered mobile malware is...
ECSHOP suffers from SQL injection vulnerability (CNVD-2021-26064)
ECShop is a B2C independent online store system, suitable for businesses and individuals to quickly build a personalized online store. ECSHOP is vulnerable to SQL injection. An attacker can exploit this vulnerability to obtain sensitive information from the database...
Survey of Supply Chain Attacks
The Atlantic Council has released a report that looks at the history of computer supply chain attacks. Key trends from their summary: 1. Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and...
Joker Malware Apps Once Again Bypass Google's Security to Spread via Play Store
Cybersecurity researchers took the wraps off yet another instance of Android malware hidden under the guise of legitimate applications to stealthily subscribe unsuspecting users for premium services without their knowledge. In a report published by Check Point research today, the malware —...
Google Play Cracks Down on Malicious Apps
Google Play is ramping up its offensive against malicious apps, which have continued to plague the official app store for Android devices over the years. In a Wednesday post, Andrew Ahn, product manager at Google Play, said that the number of app submissions that were rejected on the app...
redis-store deserializes untrusted data
Redis-store prior to 1.4.0 allows unsafe objects to be loaded from redis...
CVE-2017-1000248
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis...