Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

New Dark Web Market Styx: Focuses on Money Laundering, Identity Theft

By Deeba Ahmed Styx has quickly gained traction as a hub for various illicit activities, following the recent seizure of the Genesis dark web market. This is a post from HackRead.com Read the original post: New Dark Web Market Styx: Focuses on Money Laundering, Identity Theft

HackRead
Open in Source
#web#apple#ddos#git#auth
Adobe Reset User Passwords as Precaution Against Data Breach Risks

By Waqas If you have received a password reset or "update your password" email from Adobe recently, you are not alone. This is a post from HackRead.com Read the original post: Adobe Reset User Passwords as Precaution Against Data Breach Risks

Auto Dealer Management System 1.0 Broken Access Control

Auto Dealer Management System version 1.0 suffers from a broken access control vulnerability

Intern Record System 1.0 SQL Injection

Intern Record System version 1.0 suffers from a remote SQL injection vulnerability.

CVE-2023-1908: bug_report/SQLi-1.md at main · Kerkong/bug_report

A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/categories/view_category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225150 is the identifier assigned to this vulnerability.

CVE-2023-1802: Docker Desktop release notes

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

Google Mandates Android Apps to Offer Easy Account Deletion In-App and Online

Google is enacting a new data deletion policy for Android apps that allow account creation to also offer users with a setting to delete their accounts in an attempt to provide more transparency and control over their data. "For apps that enable app account creation, developers will soon need to provide an option to initiate account and data deletion from within the app and online," Bethel

CVE-2022-4938: Changeset 2632630 for wc-frontend-manager – WordPress Plugin Repository

The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link. There were hundreds of AJAX endpoints affected.