17 matches found
LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data...
Parse Server: Account takeover via operator injection in authentication data identifier
Impact An unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier e.g. anonymous authentication. By sending a crafted login request, the attacker can cause the server to perform a...
EUVD-2021-20934
Malware in sbrugna...
Cyber Signals: Inside the growing risk of gift card fraud
In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank...
CVE-2022-40291
The application was vulnerable to Cross-Site Request Forgery CSRF attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts...
CVE-2022-41204
An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack...
BTC2X 安全漏洞
BTC2X B2X is an application. The smart contract implements its own functionality, a tradable Ether ERC20 token with unprotected ownership, which allows anyone to become the owner of the contract, including the recipient. there is a security vulnerability in BTC2X that could be exploited by an...
Critical 'Sign in with Apple' Bug Could Have Let Attackers Hijack Anyone's Account
Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its 'Sign in with Apple ' system. The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted...
Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. Dubbed "Cookiethief " by Kaspersky researchers, the Trojan works by...
Ubuntu 16.04 LTS / 18.04 LTS : Django vulnerability (USN-4224-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4224-1 advisory. Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with a...
TradingView Cross-Site Scripting Vulnerability
TradingView Charting Library is an open source and free K chart analysis tool, with a comprehensive API. support for ordinary json data UDF, there is also support for websocket JSAPI, most of the digital currency exchanges use this component library as a K line analysis tool. TradingView has a...
CVE-2018-11554
The forgotten-password feature in index.php/member/reset/resetemail.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force...
Default credentials
The forgotten-password feature in index.php/member/reset/resetemail.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force...
Vulnerability in Facebook app allows hackers to steal access tokens and hijack accounts
None...
Perl$hop E-Commerce Input Injection
A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection
A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...
DEBIAN-CVE-2008-3920
Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors...