Lucene search
K

252 matches found

NVD
NVD
added 2023/05/11 12:15 p.m.17 views

CVE-2023-31445

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...

5.3CVSS5.3AI score0.01155EPSS
Exploits1References3
Prion
Prion
added 2023/05/11 12:15 p.m.20 views

Design/Logic Flaw

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...

5CVSS5.3AI score0.01155EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/11 12:0 a.m.5 views

PT-2023-23332 · Unknown · Cassia Access Controller

Name of the Vulnerable Software and Affected Versions: Cassia Access controller versions prior to 2.1.1.2203171453 Description: The issue allows read-only users to enumerate all other users and discover sensitive information, including e-mail addresses, phone numbers, and privileges of all other...

5.3CVSS5.2AI score0.01155EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.3 views

Cassia Networks Access controller 安全漏洞

Cassia Networks Access Controller is an application from Cassia USA, Inc. Provides a powerful IoT network management solution. A security vulnerability exists in versions prior to Cassia Networks Access controller 2.1.1.2203171453. An attacker exploiting this vulnerability could enumerate all oth...

5.3CVSS5.9AI score0.01155EPSS
Exploits1References4
OSV
OSV
added 2023/04/01 12:0 a.m.43 views

ASB-A-243130512

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.4AI score0.00178EPSS
Exploits0References4
Kitploit
Kitploit
added 2023/03/07 11:30 a.m.95 views

DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Secuirty Numbers And More From Text

DataSurgeon ds is a versatile tool designed for incident response, penetration testing, and CTF challenges. It allows for the extraction of various types of sensitive information including emails, phone numbers, hashes, credit cards, URLs, IP addresses, MAC addresses, SRV DNS records and a lot...

7.1AI score
Exploits0References5
Malwarebytes
Malwarebytes
added 2023/01/26 1:0 a.m.19 views

"2.6 million DuoLingo account entries" up for sale

Not a week goes by where we dont see an example of data scraping causing concern for both business and folks at home. The latest target happens to be popular language platform DuoLingo, who is currently digging into a forum post concerning data related to its customer accounts. Scraping data for...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/12/21 2:0 a.m.23 views

Millions of Gemini cryptocurrency exchange user details leaked

If youre a user of the Gemini cryptocurrency exchange, its time to be on your guard against phishing attacks. Gemini says its own systems have not been compromised, but an unnamed third party has become the focal point for a breach. On December 13 or some point before, rogues gained access to jus...

6.8AI score
Exploits0
NVD
NVD
added 2022/12/12 6:15 p.m.29 views

CVE-2022-4004

The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...

4.3CVSS0.00486EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/12/08 12:0 a.m.10 views

OpenHarmony 安全漏洞

OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation OpenAtom Foundation Foundation. OpenHarmony telephonystateregistrytelephonysmsmms security vulnerability, the vulnerability in the communication subsystem of the phone to send public events with...

6.2CVSS5.7AI score0.00175EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2022/12/05 11:0 p.m.15 views

Watch out for this triple threat PayPal phish

ZDNet reports an interesting form of PayPal scam sent to one of their own writers. The scam is a so-called "triple threat" phish, in that it gives the scammer three different ways to potentially collect some ill gotten gains from potential victims. The idea is that if one of the three tactics...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/30 12:15 p.m.29 views

This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo com.vanjan.sms, had over 100,000 downloads and...

Exploits0
Schneier on Security
Schneier on Security
added 2022/08/23 11:30 a.m.14 views

Signal Phone Numbers Exposed in Twilio Hack

Twilio was hacked earlier this month, and the phone numbers of 1,900 Signal users were exposed: Heres what our users need to know: All users can rest assured that their message history, contact lists, profile information, whom theyd blocked, and other personal data remain private and secure and...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/16 5:42 a.m.50 views

Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack

Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:16 p.m.5 views

Malicious code in azure-communication-phone-numbers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eebc84b85319ed6d2f36c9fc902fe8dbf16a721c397be33473db4cca00811c8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:16 p.m.16 views

MAL-2022-1303 Malicious code in azure-communication-phone-numbers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eebc84b85319ed6d2f36c9fc902fe8dbf16a721c397be33473db4cca00811c8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:11 p.m.3 views

Malicious code in communication-phone-numbers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 042005d1096efded1c16660b5fb79cbbcc30d3782802bd7f49fb55bb56737c41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:11 p.m.5 views

MAL-2022-2137 Malicious code in communication-phone-numbers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 042005d1096efded1c16660b5fb79cbbcc30d3782802bd7f49fb55bb56737c41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:10 p.m.5 views

MAL-2022-1304 Malicious code in azure-communication-phone-numbers-samples-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8429bebe06e34edb061ea6b59997e622bda91773c604839ae8159676029df670 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Schneier on Security
Schneier on Security
added 2022/06/09 2:30 p.m.18 views

Twitter Used Two-Factor Login Details for Ad Targeting

Twitter was fined $150 million for using phone numbers and email addresses collected for two-factor authentication for ad targeting...

2.8AI score
Exploits0
Rows per page
Query Builder