YODOBASHI CAMERA CO.,LTD. Security Vulnerabilities

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...

Anonymous Vows Continued Attacks on Companies Opposing WikiLeaks

A pro-WikiLeaks hacker has stated that an Internet insurgent group will continue targeting companies that oppose the whistleblowing website.For the first time, the cyber-insurgent "Bass" from the group Anonymous spoke on camera, revealing details about their operations and their expanding...

Multiple IP-Cameras Information Disclosure Vulnerability (Aug 2016) - Active Check

The IP-Camera is prone to an information disclosure ...

RHEL 6 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) Integer overflow in the...

About the security content of macOS Sonoma 14.5

About the security content of macOS Sonoma 14.5 This document describes the security content of macOS Sonoma 14.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....

Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed,...

CVE-2024-29908 WordPress Co-marquage service-public.fr plugin <= 0.5.71 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

(Pwn2Own) Samsung Galaxy S23 McsWebViewActivity Permissive List of Allowed Inputs Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S23 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the.....

Data Consumption via Opera Mini Reaches 6.3 Petabytes

Opera releases monthly data generated by its users. In November 2010, Opera reported significant increases in unique users, pages viewed, and data consumed via its Mini browser. Around 80 million people used the Opera Mini browser in November, viewing 44.6 billion pages. According to Opera, its...

EulerOS 2.0 SP8 : openssl (EulerOS-SA-2019-2097)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some...

Fedora 40 : kernel (2024-010fe8772a)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-010fe8772a advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

SQL Injection Vulnerability in Kirin Fortress of Beijing COSCO Kirin Technology Co. Ltd (CNVD-2022-86537)

KyLinFortress is an all-in-one Fortress, SSL VPN, Dynamic Password and CA Certificate. COSCO KyLin Technology Company Limited KyLin Barrier Machine suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the...

JVN#62737544: Multiple vulnerabilities in RoamWiFi R10

RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below. Active debug code (CWE-489) CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE-2024-31406 Insertion of sensitive information into log file (CWE-532)...

CVE-2024-29908

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion

Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file...

SQL Injection Vulnerability in iFair of Beijing Yiharmonic Technology Co.

Enterprise iFair Collaboration Management System is a professional collaborative office software, the management system is highly compatible and suitable for a wide range of business types. There is a SQL injection vulnerability in iFair, which can be exploited by attackers to obtain sensitive...

CVE-2024-29243

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at...

CVE-2024-29908

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

CVE-2024-29244

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at...

CVE-2024-29243

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at...

CVE-2024-29243

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at...

CVE-2024-29244

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at...

CVE-2024-29244

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at...

Fedora 39 : kernel (2024-bc0db39a14)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc0db39a14 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

Fedora 38 : kernel (2024-f35f9525d6)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f35f9525d6 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly...

Axis Network Cameras Multiple XSS Vulnerabilities (Apr 2016) - Active Check

Axis Network Cameras is prone to multiple cross-site scripting (XSS)...

ROS-20240411-08

The Jenkins Automation Server vulnerability involves the creation of temporary files with insecure permissions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, or delete files A vulnerability in the args4j library of the Jenkins Git server.....

SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-13551)

Beijing Yisaitong Technology Development Co., Ltd. is a company whose business scope includes technical services, technology development, technology consulting, technology exchange, technology transfer, technology promotion and so on. There is a SQL injection vulnerability in the electronic...

Military Cautions Troops About Facebook's Location Revealing Risks

Computer security firms and military personnel have issued warnings about certain Facebook features that could compromise both personal and national security. On Thursday, Sophos, a computer security developer, warned that Facebook's new online messaging service could increase users' vulnerability....

Why car location tracking needs an overhaul

Across America, survivors of domestic abuse and stalking are facing a unique location tracking crisis born out of policy failure, unclear corporate responsibility, and potentially risky behaviors around digital sharing that are now common in relationships. No, we’re not talking about stalkerware......

MobileShop master v1.0 - SQL Injection Vulnerability

...

CVE-2024-29191

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (links.html) appends the src GET parameter ([0]) in all of its links for 1-click previews. The context in which src is being appended is innerHTML ([1]), which will.....

CVE-2024-29191 GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (links.html) appends the src GET parameter ([0]) in all of its links for 1-click previews. The context in which src is being appended is innerHTML ([1]), which will.....

CVE-2024-29191

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (links.html) appends the src GET parameter ([0]) in all of its links for 1-click previews. The context in which src is being appended is innerHTML ([1]), which will.....

Malvertising Campaign Leads to Execution of Oyster Backdoor

The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....

Command Execution Vulnerability in the Operation and Maintenance Audit System of Beijing COSCO Kirin Technology Co. Ltd (CNVD-2022-53245)

COSCO KyLin Technology Co., Ltd. is a R&D-oriented software development company, the company's main products are COSCO KyLin Barrier Machine, KyLin SSL VPN, KyLin Dynamic Password System, KyLin Cloud Desktop and so on. Our main products are COSCO Kirin SSL VPN, Kirin Dynamic Password System, Kirin....

CVE-2024-20854

Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image...

CVE-2024-28446

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at...

CVE-2024-28447

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at...

CVE-2024-29758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

CVE-2024-28447

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at...

CVE-2024-28446

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at...

MobileShop Master 1.0 SQL Injection

...

CVE-2024-28446

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at...

CVE-2024-28447

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at...

CVE-2021-47441

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an...

CVE-2013-2595

The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which...

Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities

Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations. Talos has partnered with CISA on several initiatives through the Joint Cyber Defense...

Microsoft to Support ARM Chips in Upcoming Windows Version

Microsoft Corp., feeling pressure from popular products like Apple Inc.'s iPad, is developing a new operating system that marks a departure from the company's traditional reliance on Intel Corp.'s chip technology. This information comes from sources familiar with Microsoft's plans. Next month,...