Social Engineering to Disable iMessage Protections
I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and enter some...
CVE-2024-42165 Arbitrary User Activation
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...
CVE-2021-40128
A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameter...
xwiki-platform Authorization Issue Vulnerability
xwiki-platform is an open source application by Thomas Mortagne: a general-purpose wiki platform that provides runtime services for applications built on it. xwiki-platform has an authorization vulnerability that stems from the fact that a user who registers using...
Weblate: CSRF - Changing the full name / adding a secondary email identity of an account via a GET request
SUMMARY ---------- Hello, I have found a CSRF request via the activation email that will change the full name of the targeted account. This vulnerability exists if the attacker registers a new account and then gives his activation link to someone else. If the victim uses the received activation...
Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PunBB Blind Password Recovery Vulnerability Release Date: 2008/02/20 Last Modified: 2008/02/20 Author: Stefan Esser stefan.esseratsektioneins.de Application: PunBB <= 1.2.16 Severity...