Information Leakage Vulnerability in Huatian Power Collaboration Office System
Dalian Huatian Software Co., Ltd. is a high-tech enterprise organized in accordance with the international advanced management mode and system, and is a collaborative management software company known for its leading technology. An information leakage vulnerability exists in Huatian Power...
Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks Vulnerability
Zhuhai Suny Technology ESL Tag suffers from replay attacks and a forgery attack allowing for the displaying of arbitrary contents. Title: Replay attacks & Displaying arbitrary contents. Product: Zhuhai Suny Technology ESL Tag ...
Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks
SEC Consult Vulnerability Lab Security Advisory. Title: Replay attacks & Displaying arbitrary contents. Product: Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol electronic shelf labels. Vulnerable version: All. Fixed version:...
2023 Cybersecurity Industry Predictions
With 2022 rapidly coming to a close, this is the time of year where it makes sense to take a step back and look at the year in cybersecurity, and make a few critical predictions for what the industry could face in the year ahead. In order to give the security community some insight into where we’...
Low: Red Hat Security Advisory: RHACS 3.73 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
CVE-2022-4280
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has be...
Information disclosure
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has be...
CVE-2022-4280 Dot Tech Smart Campus System findUser information disclosure
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has be...
DIVOTECH Dot Tech Smart Campus System Security Vulnerability
DIVOTECH Dot Tech Smart Campus System is a smart campus system from China-based DIVOTECH. A security vulnerability exists in version 1.0 of the DIVOTECH Dot Tech Smart Campus System, which stems from a problem with an unknown function in the file /services/Card/findUser, which could lead to...
CVE-2022-4280
CVE-2022-4280 affects Dot Tech Smart Campus System. Unknown functionality in /services/Card/findUser leads to information disclosure; attack may be launched remotely. Exploit has been disclosed publicly; VDB-214778 is the identifier. No explicit remediation details are provided in the sources.
pallotti-tech.it Cross Site Scripting vulnerability OBB-3071975
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Policy trends: where are we today on regulation in cyberspace?
This is the first edition of our policy analysis and observations of trends in the regulation of cyberspace, and cybersecurity, within the Kaspersky Security Bulletin. This year so far has been very challenging: increased tensions in international relations have had a huge impact on both cyberspa...
Telehealth Sites Put Addiction Patient Data at Risk
New research found pervasive use of tracking tech on substance-abuse-focused health care websites, potentially endangering users in a post-Roe world...
Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023
Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. "The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their...
@a11ywatch/a11ywatch (>=0.1.0 <=0.1.65), @a11ywatch/core (>=0.4.52 <=0.5.158) +11 more potentially affected by unknown CVE via apollo-server-core (>=3.10.0 <=3.10.4)
apollo-server-core NPM version =3.10.0, =0.1.0, =0.4.52, =0.1.0-alpha.0, =0.1.0-alpha.1, =0.1.0-alpha.0, =0.1.0-alpha.0, =0.1.0-alpha.0, =10.7.1, =9.0.0, =2.0.0-beta.7, =1.0.0, =4.13.1, =1.3.0-beta.2, =2.0.0-beta.2 Source cves: unknown CVE Source advisory: OSV:GHSA-8R69-3CVP-WXC3...
Maintenance Mode aims to keep phone data private during repairs
One of the biggest data-related headaches you'll face with a mobile device is what to do in the event of a repair. When you have to send your phone in for a fix, what happens to your data? In many cases, the repair technicians will simply scrub the phone by default unless you ask them not to. In...
The Hunt for the Kingpin Behind AlphaBay, Part 1: The Shadow
AlphaBay was the largest online drug bazaar in history, run by a technological mastermind who seemed untouchable—until his tech was turned against him...
Microsoft fixes driver blocklist placing users at risk from BYOVD attacks
There may be an all-new acronym for you to try and remember, as a result of Microsoft fixing a lingering issue. This issue is called Bring Your Own Vulnerable Driver (BYOVD), and BYOVD has been popping up in various forms for the last few months. These attacks may have been less impactful if a...
Police Dismantled Car Hackers That Exploited Keyless Entry Tech
By Waqas. According to authorities, more than 22 locations were searched during the operation while over $1 million in criminal assets were seized. This is a post from HackRead.com.