18 matches found
DNSmasq 安全漏洞
DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from the extractname function being exploitable, leading to a heap buffer overflow. This allows attackers to inject fake DNS cache entries, potentially redirecting DNS queries to...
Unspecified vulnerability in Discourse (CNVD-2026-17482)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse has a security vulnerability that can be exploited by an attacker to cause a legitimate Discourse authorization page to display...
Fake Pudgy World site steals your crypto passwords
A phishing site impersonating the newly-launched Pudgy World browser game is targeting crypto users with a technique that goes well beyond a convincing logo and matching color scheme. Pudgy World is a free-to-play browser game built around the Pudgy Penguins NFT brand. Players explore a virtual...
EUVD-2018-4419
Malware in sbrugna...
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
An advanced persistent threat APT group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has...
Design/Logic Flaw
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name...
CVE-2018-12448
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name...
CVE-2018-12448
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name...
CVE-2018-12448
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name...
CVE-2018-7635
Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name...
CVE-2018-7635
Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name...
CVE-2018-7635
Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name...
Session Hijacking, Cookie-Stealing WordPress Malware Spotted
Researchers have identified a strain of cookie stealing malware injected into a legitimate JavaScript file, that masquerades as a WordPress core domain. Cesar Anjos, a security analyst at Sucuri, a firm that specializes in WordPress security, came across the malware during an incident response...
Brave Software: homograph-attack (unicode vuln)
Hi team Summary: Affacted product appears identicaly different websites domains attacker uses unicode to register domains that look identical to real domains ,These fake domains can be used to fool users into signing into a fake website, thereby handing over their login credentials to an...
Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072)
Exploit Title: Group Policy Elevation of Privilege Vulnerability Date: 08-08-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 CVE : CVE-2016-3223 Category: Privilege Escalation SPECIAL CONFIG: Standard Domain Member configuration with valid credentials. Standard Domain...
Updated DGA Changer Malware Generates Fake Domain Stream
LAS VEGAS — The group behind the DGA Changer downloader has been pretty adept in modifying the malware to elude sandbox detection in particular. Researchers at Seculert today published a report on the latest twist to DGA Changer, which now is able to generate a fake stream of domains if it detect...
HackerOne: Improper way of validating a program
Hello HackerOne, I found out that it's easy to publish a program that isn't yours. January 20, 2015 I created a program named Puffer Bird and I leave the sandbox to prepare to launch the program. Then, I requested for a program review. January 21, 2014 at 1:08 AM I received an email from...
Discovered the biggest Facebook phishing in French
Discovered the biggest Facebook phishing in French Two Days before we publish that Geeks at Security Web-Center Found 25 Facebook phishing sites. Security Web-Center found another biggest Facebook phishing site in French which steal more then 5000 usernames and passwords, using the fake domain...