Webile version 1.0.1 suffers from a directory traversal vulnerability.
By Owais Sultan. Among the several online presentation-making platforms, Microsoft PowerPoint is the first choice of professionals. The platform allows you… This is a post from HackRead.com. Read the original post: 6 Best Ways to Make a Collaborative PowerPoint Presentation
“Block connections without VPN” doesn't block all connections without a VPN and “Always on VPN” isn't always on. The post "Android and iOS leak some data outside VPNs" appeared first on Malwarebytes Labs.
Google wants to make your digital life—in its ecosystem, anyway—passwordless and more secure.
Plus: Hackers hit the Mormon Church, Signal plans to ditch SMS for Android, and a Fat Bear election erupts in scandal.
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in the validation of access tokens, because the token is validated with a regular string comparison rather than a constant-time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. As another workaround, users may disallow the use of access tokens by having an administrator revoke all access tokens through the "Access Token Management" admin function.
Such exploits sell for up to $10 million, making them the single most valuable commodity in the cybercrime underworld.
In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-223086933. References: N/A
Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.
Online Examination System version 1.0 suffers from a cross-site scripting vulnerability via index.php.