Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Flightio.com SQL Injection

Flightio.com suffers from a remote SQL injection vulnerability. The researchers reporting this claimed the site has not responded to their reports so we are posting this to add visibility to the issue.

Packet Storm
Open in Source
#sql#vulnerability#web#js#php#auth
Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware

We need more than "do-it-yourself" approaches to threats that clearly rise to the level of national security issues.

Ambitious Training Initiative Taps Talents of Blind and Visually Impaired

Novacoast's Apex Program prepares individuals with visual impairments for cybersecurity careers.

91,000 Smart LG TV Devices Vulnerable to Remote Takeover

By Waqas LG TVs vulnerable! Update now to block hackers from taking control & stealing data (webOS 4-7). Millions at risk! This is a post from HackRead.com Read the original post: 91,000 Smart LG TV Devices Vulnerable to Remote Takeover

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024. The

GHSA-m65c-wmw9-vmpp: Apache Zeppelin: Replacing other users notebook, bypassing any permissions

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

GHSA-frc2-w2cc-x794: Eclipse Kura LogServlet vulnerability

In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]

Starry Addax targets human rights defenders in North Africa with new malware

Cisco Talos is disclosing a new threat actor we deemed “Starry Addax” targeting mostly human rights activists, associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware.

35-year long identity theft leads to imprisonment for victim

A man has pleaded guilty to assuming someone else's identity for 35 years.

CVE-2024-26214: Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.