#auth

changedetection versions 0.45.20 and below suffer from a remote code execution vulnerability.

Online Payment Hub System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

BWL Advanced FAQ Manager version 2.0.3 suffers from a remote SQL injection vulnerability.

iMLog versions prior to 1.307 suffer from a persistent cross site scripting vulnerability.

Check Point Security Gateway suffers from an information disclosure vulnerability. Versions affected include R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, and R81.20.

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called “CarnavalHeist.” Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil.

By Waqas A data leak incident involving Clarity.fm left the personal data of business leaders and celebrities exposed to public… This is a post from HackRead.com Read the original post: Data Leak Exposes Business Leaders and Top Celebrity Data

By Daily Contributors Amazon Web Services (AWS) Simple Storage Service (S3) is a foundational pillar of cloud storage, offering scalable object… This is a post from HackRead.com Read the original post: In the jungle of AWS S3 Enumeration

All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme `javascript:`.

It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation.