47 matches found
Facebook scam promises cheap Aldi meat boxes, steals payment info instead
Sometimes you spot posts on social media that make you wonder if any moderation takes place at all. Which is concerning, because two-thirds of all online shopping scams now start on Facebook and Instagram. Online shopping scams are alarmingly common and have become one of the most frequently...
EUVD-2022-43900
Malicious code in bioql PyPI...
Doppler: Acquisition on broken link listed on the page "https://docs.doppler.com/docs/removal-deprecated-packages-scripts in [scheduling a call]
The report describes a broken link on the Doppler documentation website. The broken link was located on the page "https://docs.doppler.com/docs/removal-deprecated-packages-scripts" in the "scheduling a call" section. The broken link pointed to "https://calendly.com/doppler-ryan/onsite-install",...
SUSE CVE-2022-40626
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
CVE-2022-40626
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
Code injection
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
Zabbix Frontend cross-site scripting vulnerability
Zabbix Frontend is a monitoring software front-end tool from the US-based Zabbix. A security vulnerability exists in Zabbix Frontend, which originates from the ability for an unauthenticated user to create a link with reflective Javascript code in the backurl parameter and send it to other...
PT-2022-4909 · Zabbix +1 · Zabbix Frontend +2
Name of the Vulnerable Software and Affected Versions: Zabbix Frontend affected versions not specified Description: The issue is related to the lack of protection measures for the web page structure when handling the backurl parameter in Zabbix Frontend. This can be exploited by an unauthenticate...
Urban Company: Broken Link on Urban Company's Vulnerability Submission Form
Summary: - Urban Company has an unclaimed broken link on their HackerOne security page which can be claimed by any malicious user. And then later the malicious user can exploit this issue to deceive new researchers to submit their legitimate findings to the wrong hands. Steps To Reproduce: 1.Visi...
EOS has a fake account vulnerability
EOS is a blockchain operating system designed for commercial distributed applications. The vulnerability stems from a logic error in the user registration function in the code. An attacker could use the vulnerability to perform a withdrawal operation on the amount in a fake account...
Cyber Security Week in Review (Feb. 8)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week Attackers continue to utilize...
Be wary of Mega Millions winner “giveaway” on social media
I don't do lotteries, but if I did, I'd probably never, ever win in a million years. That's not a problem faced by 20-year-old Shane Missler, winner of the fourth-largest haul in Mega Millions' 21 years of handing out large bundles of cash. He's on record as saying he wants to "do some good" for...
Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: Social Engine 4.x Music Plugin Arbitrary File Upload Google Dork: inurl:user/auth/forgot Date: 22/12/2010 Author: MyDoom Moroccan Hacker Contact: [email protected] Software Link: http://http://www.socialengine.net Version: Social Engine 4.x...
Threat Outbreak Alert: Fake Account Credential Information Email Messages on May 28, 2014
Medium Alert ID: 34386 First Published: 2014 May 29 13:07 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain account credential information for the recipient. The email message attempts to convince the recipient to open the...
Threat Outbreak Alert: Fake Account Statement Email Messages on May 23, 2014
Medium Alert ID: 34344 First Published: 2014 May 23 14:42 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account statement for the recipient. The text in the email message attempts to convince the recipient to open t...
Threat Outbreak Alert: Fake Account Statement Notification Email Messages on May 14, 2014
Medium Alert ID: 34227 First Published: 2014 May 14 17:34 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account statement notification for the recipient. The text in the email message attempts to convince the...