Tag
A security researcher discovered an unauthenticated SQL injection vulnerability in Front Gate Tickets' device API, allowing full database read and admin access to the ticketing platform for major US festivals.
Security researcher Eaton discloses vulnerabilities in Johnson & Johnson's Campus Recruiting and Audit Tracking Management System web apps, exposing student data and allowing admin takeover due to flawed authentication using hardcoded API keys.
A 27-year-old authentication bypass vulnerability in OpenBSD's PPP stack allows an attacker to gain full PPPoE access without credentials by sending zero-length username and password fields, exploiting a missing bounds check in the PAP handler. The same code also permits a kernel heap over-read.
A security researcher discovered critical vulnerabilities in CBSE's On-Screen Marking portal, including a hardcoded master password and authentication bypass, which could allow full account takeover and tampering with exam evaluations.