
Tag

#git

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation

The application suffers from a vertical privilege escalation vulnerability. An attacker can escalate privileges by poisoning the Cookie, changing it from GUEST to ADMIN to effectively become Administrator, or to ZSL to become Super Administrator.

Zero Science Lab
#vulnerability #web #git
Electrolink FM/DAB/TV Transmitter Remote Authentication Removal

The application is vulnerable to unauthenticated parameter manipulation that allows an attacker to set the credentials to blank, giving access to the admin panel. It is also vulnerable to account takeover and arbitrary password change.

Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass

The transmitter is vulnerable to an authentication bypass affecting the Login Cookie. An attacker can set the Login Cookie to an arbitrary value other than 'NO' and gain full system access.

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure

The device is vulnerable to a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system access.

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure

The device is vulnerable to a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system access.

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I participated in two educational activities. The first one is an on-line cyber security course for […]

Embracing Minimalism: The “Less is More” Approach in UI/UX Design

By Owais Sultan. In user interface (UI) and user experience (UX) design, the principle of “less is more” has emerged as… This is a post from HackRead.com.

New BEC 3.0 Attack Exploiting Dropbox for Phishing

By Deeba Ahmed. This is an active campaign, with 5,440 attacks detected in the first two weeks of September. This is a post from HackRead.com.

Chinese Hackers Are Hiding in Routers in the US and Japan

Plus: Stolen US State Department emails, $20 million zero-day flaws, and controversy over the EU’s message-scanning law.