252 matches found
CVE-2023-31445
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...
Design/Logic Flaw
Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...
PT-2023-23332 · Unknown · Cassia Access Controller
Name of the Vulnerable Software and Affected Versions: Cassia Access controller versions prior to 2.1.1.2203171453 Description: The issue allows read-only users to enumerate all other users and discover sensitive information, including e-mail addresses, phone numbers, and privileges of all other...
Cassia Networks Access controller 安全漏洞
Cassia Networks Access Controller is an application from Cassia USA, Inc. Provides a powerful IoT network management solution. A security vulnerability exists in versions prior to Cassia Networks Access controller 2.1.1.2203171453. An attacker exploiting this vulnerability could enumerate all oth...
ASB-A-243130512
In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Secuirty Numbers And More From Text
DataSurgeon ds is a versatile tool designed for incident response, penetration testing, and CTF challenges. It allows for the extraction of various types of sensitive information including emails, phone numbers, hashes, credit cards, URLs, IP addresses, MAC addresses, SRV DNS records and a lot...
"2.6 million DuoLingo account entries" up for sale
Not a week goes by where we dont see an example of data scraping causing concern for both business and folks at home. The latest target happens to be popular language platform DuoLingo, who is currently digging into a forum post concerning data related to its customer accounts. Scraping data for...
Millions of Gemini cryptocurrency exchange user details leaked
If youre a user of the Gemini cryptocurrency exchange, its time to be on your guard against phishing attacks. Gemini says its own systems have not been compromised, but an unnamed third party has become the focal point for a breach. On December 13 or some point before, rogues gained access to jus...
CVE-2022-4004
The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...
OpenHarmony 安全漏洞
OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation OpenAtom Foundation Foundation. OpenHarmony telephonystateregistrytelephonysmsmms security vulnerability, the vulnerability in the communication subsystem of the phone to send public events with...
Watch out for this triple threat PayPal phish
ZDNet reports an interesting form of PayPal scam sent to one of their own writers. The scam is a so-called "triple threat" phish, in that it gives the scammer three different ways to potentially collect some ill gotten gains from potential victims. The idea is that if one of the three tactics...
This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms
A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo com.vanjan.sms, had over 100,000 downloads and...
Signal Phone Numbers Exposed in Twilio Hack
Twilio was hacked earlier this month, and the phone numbers of 1,900 Signal users were exposed: Heres what our users need to know: All users can rest assured that their message history, contact lists, profile information, whom theyd blocked, and other personal data remain private and secure and...
Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack
Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned...
Malicious code in azure-communication-phone-numbers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eebc84b85319ed6d2f36c9fc902fe8dbf16a721c397be33473db4cca00811c8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1303 Malicious code in azure-communication-phone-numbers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eebc84b85319ed6d2f36c9fc902fe8dbf16a721c397be33473db4cca00811c8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in communication-phone-numbers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 042005d1096efded1c16660b5fb79cbbcc30d3782802bd7f49fb55bb56737c41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2137 Malicious code in communication-phone-numbers (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 042005d1096efded1c16660b5fb79cbbcc30d3782802bd7f49fb55bb56737c41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1304 Malicious code in azure-communication-phone-numbers-samples-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8429bebe06e34edb061ea6b59997e622bda91773c604839ae8159676029df670 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Twitter Used Two-Factor Login Details for Ad Targeting
Twitter was fined $150 million for using phone numbers and email addresses collected for two-factor authentication for ad targeting...