Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Online Sports Complex Booking System 1.0 Insecure Settings

Online Sports Complex Booking System version 1.0 suffers from an ignored default credential vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account. "Using laws from the pre-smartphone era to charge a CEO with crimes committed

YubiKeys Are a Security Gold Standard—but They Can Be Cloned

Security researchers have discovered a cryptographic flaw that leaves the YubiKey 5 vulnerable to attack.

Why It's So Hard to Fully Block X in Brazil

With 20,000 internet providers across the country, the technical challenges of blocking X in Brazil mean some connections are slipping through the cracks.

We Hunted Hidden Police Signals at the DNC

Using special software, WIRED investigated police surveillance at the DNC. We collected signals from nearly 300,000 devices, revealing vulnerabilities for both law enforcement and everyday citizens alike.

“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home

" Hello pervert" sextortion mails keep adding new features to their email to increase credibility and urge victims to pay

GHSA-v26r-4c9c-h3j6: gix-path uses local config across repos when it is the highest scope

### Summary `gix-path` executes `git` to find the path of a configuration file that belongs to the `git` installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped configuration is found. In rare cases, this causes a less trusted repository to be treated as more trusted, or leaks sensitive information from one repository to another, such as sending credentials to another repository's remote. ### Details In `gix_path::env`, the underlying implementation of the `installation_config` and `installation_config_prefix` functions calls `git config -l --show-origin` and parses the first line of the output to extract the path to the configuration file holding the configuration variable of highest [scope](https://git-scm.com/docs/git-config#SCOPES): https://github.com/Byron/gitoxide/blob/12251eb052df30105538fa831e641eea557f13d8/gix-path/src/env/git/mod.rs#L91 https://github.com/Byron/gitoxide/blob/12251eb052df30105538fa831e641eea557f13...