Criminals using compromised social media accounts to "post indecent images of children" says UK cybercrime organization

Action Fraud, the UK's national reporting center for fraud and cybercrime, is warning of a very disturbing scam involving social media and "indecent images of children." Details are light, but social media fans should take this as a warning to lock down their accounts immediately...

Session Fixation

zoneminder:edge is vulnerable to session fixation.As an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies between 3 and 5 is being generated when a user successfully logs in, and these sets...

CVE-2021-29221

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute...

CVE-2021-29221

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute...

CVE-2021-29221

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute...

Ektron CMS Take Over - Hijacking Accounts

I have detailed a vulnerability within Ektron CMS that allows an unauthenticated user to hijack any account. The clear targets of choice for this CMS would be the builtin or admin account. Whilst I found this issue back in 2012, it appears that around 65 are still vulnerable and should be patchin...

Another way to hack Facebook accounts using OAuth vulnerability

In recent few months White hat Hacker ,'Nir Goldshlager' reported many critical bugs in Facebook OAuth mechanism, that allowed an attacker to hijack any Facebook account without user's interaction. Another hacker, 'Amine Cherrai' reported a new Facebook OAuth flaw, whose exploitation is actually...

Gentoo Security Advisory GLSA 200809-14 (bitlbee)

The remote host is missing updates announced in advisory GLSA 200809-14. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...