TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco 's...

CVE-2024-3454

An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric footprinting, even though the protocol is designed to prevent access to such information...

Reverb.com: Disclosure of all uploads to Cloudinary via hardcoded api secret in Android app

Hi, in file com/reverb/app/CloudinaryFacade.java you have hardcoded the following config: java private static final java.lang.String CONFIG = "cloudinary://434762629765715:█████@reverb"; where 434762629765715:████████ is basic auth details. It shouldn't be disclosed to third parties as official...

CVE-2006-0641

Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended...

CVE-2005-4450

Cross-site request forgery CSRF vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to serverprivileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown,...