Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation

The application suffers from a privilege escalation vulnerability. An attacker can escalate his privileges by poisoning the Cookie from GUEST to ADMIN to effectively become Administrator or poisoning to ZSL to become Super Administrator.

Zero Science Lab
Open in Source
#vulnerability#web#git
Electrolink FM/DAB/TV Transmitter Remote Authentication Removal

The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change.

Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass

The transmitter is vulnerable to an authentication bypass vulnerability affecting the Login Cookie. An attacker can set an arbitrary value except 'NO' to the Login Cookie and have full system access.

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure

The device is vulnerable to a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system access.

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure

The device is vulnerable to a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system access.

CVE-2023-44488: Comparing v1.13.0...v1.13.1 · webmproject/libvpx

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

A Closer Look at the Snatch Data Ransom Group

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang's internal operations. Today, we'll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I participated in two educational activities. The first one is an on-line cyber security course for […]

Embracing Minimalism: The “Less is More” Approach in UI/UX Design

By Owais Sultan In user interface (UI) and user experience (UX) design, the principle of “less is more” has emerged as… This is a post from HackRead.com Read the original post: Embracing Minimalism: The “Less is More” Approach in UI/UX Design

Apple, Microsoft, and Google Just Fixed Multiple Zero-Day Flaws

Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.