Tag

#auth

3DSecure 2.0 3DS Authorization Challenge Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure version 2.0. These flaws allow attackers to inject arbitrary web scripts, CSS, or HTML through the manipulation of the params parameter in the request URL.

Packet Storm
#xss #vulnerability #web #mac #auth

3DSecure 2.0 3DS Method Authentication Cross Site Scripting

3DSecure version 2.0 is vulnerable to cross site scripting in its 3DSMethod Authentication. This vulnerability allows remote attackers to hijack the form action and change the destination website via the params parameter, which is base64 encoded and improperly sanitized.

Debian Security Advisory 5768-1

Debian Linux Security Advisory 5768-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

We dug into PartnerLeak, the site behind the "your partner is cheating on you" emails, including how and where the scammers get their information.

Nipah Virus Testing Management System 1.0 PHP Code Injection

Nipah Virus Testing Management System version 1.0 suffers from a PHP code injection vulnerability.

Medical Card Generations System 1.0 SQL Injection

Medical Card Generations System version 1.0 suffers from a remote SQL injection vulnerability.

Maid Hiring Management System 1.0 Insecure Settings

Maid Hiring Management System version 1.0 suffers from an ignored default credential vulnerability.

Emergency Ambulance Hiring Portal 1.0 PHP Code Injection

Emergency Ambulance Hiring Portal version 1.0 suffers from a PHP code injection vulnerability.

Rising Tide of Software Supply Chain Attacks: An Urgent Problem

Understanding a threat is just as important as the steps taken toward prevention.