Tag
#git
School Log Management System version 1.0 suffers from a PHP code injection vulnerability.
A major cyberattack targeting Wi-Fi networks at UK railway stations, including London Euston and Manchester Piccadilly, has caused…
Developers need to do more than scan code and vet software components, and ops should do more than just defend the deployment pipeline.
An environment that values creativity, continuous learning, and calculated risk-taking can prevent boredom while building a resilient, adaptable team ready to tackle whatever challenges come their way.
Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email.
As Israel intensifies its attacks on Lebanon, eerie messages have been arriving on the phones of civilians on both sides of the border, with authorities in each country accusing the other of psychological warfare.
League of Legends fans beware! A new malware campaign targeting the League of Legends World Championship is spreading…
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Low attack complexity Vendor: Advantech Equipment: ADAM-5550 Vulnerabilities: Weak Encoding for Password, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to intercept the easily decodable credentials of a legitimate user to gain full access to the device and could plant malicious code on the web page of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Advantech's ADAM are affected: Advantech ADAM 5550: All versions 3.2 Vulnerability Overview 3.2.1 WEAK ENCODING FOR PASSWORD CWE-261 User credentials are shared with a low level of encryption, consisting of base 64 encoding. CVE-2024-37187 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2024-37187. A base score of 6.8 has been c...
1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Advantech Equipment: ADAM-5630 Vulnerabilities: Use of Persistent Cookies Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack a legitimate user's session, perform cross-site request forgery, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Advantech's ADAM are affected: Advantech ADAM-5630: versions prior to v2.5.2 3.2 Vulnerability Overview 3.2.1 USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539 Cookies of authenticated users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user. CVE-2024-39275 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.0 has been ...
Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.