41 matches found
EUVD-2013-6787
Malware in sbrugna...
CVE-2024-1678
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...
Internal Emails Reveal How a Controversial Gun-Detection AI System Found Its Way to NYC
NYC mayor Eric Adams wants to test Evolv’s gun-detection tech in subway stations—despite the company saying it’s not designed for that environment. Emails obtained by WIRED show how the company still found an in...
CVE-2024-1678
The connected sources confirm CVE-2024-1678 affects the Subway – Private Site Option WordPress plugin and enables Sensitive Information Exposure via the REST API in all versions up to 2.1.4. The vulnerability allows unauthenticated attackers to bypass the plugin’s private-site feature and access ...
CVE-2024-1678 Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...
WordPress plugin Subway security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-18214 · WordPress · The Subway – Private Site Option
Name of the Vulnerable Software and Affected Versions: The Subway – Private Site Option plugin for WordPress versions up to, and including, 2.1.4 Description: The issue allows unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content via the...
WordPress Subway – Private Site Option Plugin <= 2.1.4 is vulnerable to Sensitive Data Exposure
Software: Subway – Private Site Option; Type: Plugin; Vulnerable versions: <= 2.1.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-1678; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 2690fc946af0; Credits: Francesco Carlucc...
Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
Description The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page...
LockBit Ransomware Gang Claims Subway as New Victim
By Deeba Ahmed From Footlongs to Stolen Bytes: Subway Faces Potential Ransomware Nightmare. This is a post from HackRead.com Read the original post: LockBit Ransomware Gang Claims Subway as New Victim...
Teens Hacked Boston Subway’s CharlieCard to Get Infinite Free Rides—and This Time Nobody Got Sued
In 2008, Boston’s transit authority sued to stop MIT hackers from presenting at the Defcon hacker conference on how to get free subway rides. Today, four teens picked up where they left off...
New York Using AI to Detect Subway Fare Evasion
The details are scant--the article is based on a "heavily redacted" contract--but the New York subway authority is using an "AI system" to detect people who don't pay the subway fare. Joana Flores, an MTA spokesperson, said the AI system doesn't flag fare evaders to New York police, but she decline...
Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam
Count the Subway sandwich faithful among the latest victims of cybercriminals. Researchers at Sophos discovered a phishing campaign aimed at Subway loyalty-card members in the U.K. and Ireland, in an attempt to trick them into downloading malware. The campaign wasn’t particularly impressive,...
subwayargentina.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1187997 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
On Chinese "Spy Trains"
The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world's largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States. Part of the reasoning behind this legislation is...
Subway Elevators and Movie-Plot Threats
Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really. There's no actual threat analysis, only fear: "The idea that people can then ride in on the subway with a bomb or whatever and come straight up in an elevator is awf...
Subway Surfers - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Subway Surfers published at the 'play' market has multiple vulnerabilities...
KakaoMetro - Subway Navigation - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application KakaoMetro - Subway Navigation published at the 'play' market has multiple vulnerabilities...
Subway Train Simulator 3D - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Subway Train Simulator 3D published at the 'play' market has multiple vulnerabilities...
Santa Runner :Xmas Subway Surf - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Santa Runner :Xmas Subway Surf published at the 'play' market has multiple vulnerabilities...