5 matches found
Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs
Researchers are warning of an ongoing Office 365 credential-phishing attack that’s targeting the hospitality industry – and using visual CAPTCHAs to avoid detection and appear legitimate. CAPTCHAs – commonly utilized by websites like LinkedIn and Google – are a type of challenge–response test use...
Whisper: SMS Invite Form Abuse
whisper.sh fails to protect the invite form from abuse from attackers. If a malicious individual wants to abuse this functionality, they could send repeated/automated requests to the same phone number or range of phone numbers that do not actually belong to himself. This would result in lots of...
Jcaptcha vulnerability
Hi, Jcaptcha has a design problem that allows a complete bypass of its security features. Vendor was contacted on 12/Dec/09: http://jcaptcha.octo.com/jira/browse/FWK-114 Other captcha systems could be affected. Kind Regards, --------------------- Hugo Vazquez Carames "El trabajo que nunca se...
e107 email.php Arbitrary Mail Relay
The version of e107 installed on the remote host contains a script, 'email.php' that allows an unauthenticated user to send email messages to arbitrary users and to control, to a large degree, the content of those messages. This issue can be exploited to send spam or other types of abuse through...
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing
source: https://www.securityfocus.com/bid/10995/info Mantis is reportedly susceptible to a vulnerability in its signup process allowing mass email attacks. When a new user signs up to Mantis, the system automatically sends an email message to the given email address. This email contains the users...