information disclosure – Page 3

1,300 Popular Android Apps Access Data Without Proper Permissions

Posted on July 9, 2019 by Tom Spring

Study finds Android apps circumvented privacy opt-in rules and collected sensitive user information against user permission. Continue reading 1,300 Popular Android Apps Access Data Without Proper Permissions→

Slack Bug Allows Remote File Hijacking, Malware Injection

Posted on May 20, 2019 by Tara Seals

An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel. Continue reading Slack Bug Allows Remote File Hijacking, Malware Injection→

Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution

Posted on January 28, 2019 by Tara Seals

Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution. Continue reading Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution→

Adobe Issues Unscheduled Updates for Experience Manager Platform

Posted on January 22, 2019 by Lindsey O'Donnell

The patches are part of Adobe’s second unscheduled update this month. Continue reading Adobe Issues Unscheduled Updates for Experience Manager Platform→

Popular Web-Hosting Platform Bluehost Riddled with Flaws, Researcher Claims

Posted on January 14, 2019 by Tara Seals

He said that similar flaws were also found in the Dreamhost, HostGator, OVH and iPage web hosting platforms. Continue reading Popular Web-Hosting Platform Bluehost Riddled with Flaws, Researcher Claims→

Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC

Posted on November 13, 2018 by Lindsey O'Donnell

Overall, the company released only three patches as part of its regularly-scheduled November update. Continue reading Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC→

Apache Tomcat Patches Important Security Vulnerabilities

Posted on July 24, 2018 by Mohit Kumar

The Apache Software Foundation (ASF) has released security updates to address several vulnerabilities in its Tomcat application server, one of which could allow a remote attacker to obtain sensitive information.

Apache Tomcat is an open source web ser… Continue reading Apache Tomcat Patches Important Security Vulnerabilities→

Western Digital My Cloud EX2 NAS Device Leaks Files

Posted on April 25, 2018 by Tom Spring

Default configuration of WD’s My Cloud storage device keeps port open for unprivileged data exfiltration within a network. Continue reading Western Digital My Cloud EX2 NAS Device Leaks Files→

SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure

Posted on February 14, 2018 by SSD / Maor Schwartz

Vulnerability Summary The following advisory describes an information disclosure found in the following TrendNet routers: TEW-751DR – v1.03B03 TEW-752DRU – v1.03B01 TEW733GR – v1.03B01 TRENDnet’s “N600 Dual Band Wireless R… Continue reading SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure→

SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Posted on February 11, 2018 by SSD / Maor Schwartz

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8 The Cisco RV132W Wireless-N ADSL2+ VPN Router is “easy to use, set up, and deploy. This flexible router offers g… Continue reading SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities→