Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass

The transmitter is vulnerable to an authentication bypass vulnerability affecting the Login Cookie. An attacker can set an arbitrary value except 'NO' to the Login Cookie and have full system access.

Zero Science Lab
Open in Source
#vulnerability#web#git#auth
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure

The device is vulnerable to a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system access.

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure

The device is vulnerable to a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system access.

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I participated in two educational activities. The first one is an on-line cyber security course for […]

Embracing Minimalism: The “Less is More” Approach in UI/UX Design

By Owais Sultan In user interface (UI) and user experience (UX) design, the principle of “less is more” has emerged as… This is a post from HackRead.com Read the original post: Embracing Minimalism: The “Less is More” Approach in UI/UX Design

New BEC 3.0 Attack Exploiting Dropbox for Phishing

By Deeba Ahmed This is an active campaign, with 5,440 attacks detected in the first two weeks of September. This is a post from HackRead.com Read the original post: New BEC 3.0 Attack Exploiting Dropbox for Phishing

Chinese Hackers Are Hiding in Routers in the US and Japan

Plus: Stolen US State Department emails, $20 million zero-day flaws, and controversy over the EU’s message-scanning law.

CVE-2023-5300: CV3Cyb3R/2023/TTSPlanning/TTSPlanning.md at main · CV3TR4CK/CV3Cyb3R

A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939.

CVE-2023-5207

A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.