Tag

#mac

Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from authentication bypass, account takeover / lockout, and privilege escalation vulnerabilities that can be triggered by directly calling the user object and modifying the password of the two constants user/role (user/admin). An unauthenticated adversary can exploit this by issuing a single POST request to the vulnerable endpoint, gaining unauthorized access to the affected device with administrative privileges.

Packet Storm
Sielco PolyEco Digital FM Transmitter 2.0.6 Information Disclosure

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this issue via a specially crafted request to gain access to sensitive information.

Sielco PolyEco Digital FM Transmitter 2.0.6 POST Manipulation

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a radio data system POST manipulation vulnerability.

Sielco PolyEco Digital FM Transmitter 2.0.6 Authorization Bypass

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authorization bypass vulnerability.

Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authentication bypass vulnerability.

CVE-2023-27830: TightVNC: What's New in TightVNC

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system by replacing legitimate files with crafted files when executing a file transfer. This is possible because TightVNC runs in the backend as a high-privilege account.

LinkedIn Verification Now Lets You Verify Your Job and Account

To beat back fake accounts, the professional social network is rolling out new tools to prove you work where you say you do and are who you say you are.

LastPass Breach Reveals Important Lessons

Devastating cyberattacks often can be prevented with basic cybersecurity measures.

Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit

Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware campaign was directed against journalists, political opposition figures, and an NGO worker in 2021.

The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late

Here's a hard question to answer: 'How many service accounts do you have in your environment?'. A harder one is: 'Do you know what these accounts are doing?'. And the hardest is probably: 'If any of your service accounts were compromised and used to access resources, would you be able to detect and stop that in real time?'. Since most identity and security teams would provide a negative reply,