Tag
#auth
Emergency Ambulance Hiring Portal version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ManageEngine DeviceExpert version 5.9.7 build 5970 allows for usernames and salted MD5 password hashes to be disclosed.
COVID19 Testing Management System version 1.0 suffers from an ignored default credential vulnerability.
BP Monitoring Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Auto/Taxi Stand Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching
Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information. The development was first reported by The Washington Post on Friday. The iPhone maker said its efforts, coupled with those of others in the industry and national governments to tackle
In a previous post-quantum (PQ) article, we introduced the threat that quantum computing presents for any systems, networks and applications that utilize cryptography. In this article, you’ll learn what you can do to assist your organization in achieving crypto-agility with Red Hat and what to expect of Red Hat products as we begin to integrate post-quantum cryptographic functions into them. The capabilities described in the following sections assume timely and functional implementation of industry standards and specifications and the libraries that implement them. If these are not achieved,
Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows