14 matches found
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies...
Design/Logic Flaw
Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller...
LastPass users should move their crypto funds, experts warn
Several experts have warned LastPass users who store cryptocurrency-related login information in their vaults to change that login information as soon as they can. Apparently, cybercriminals who have access to the stolen information are making it a priority to decrypt the data in an attempt to...
CVE-2019-11233
EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGINID element to the auth/main/asp/checkuserlogininfo.aspx URI, and then reading the response, as demonstrated by the KWEMAIL or KWTEL field...
CVE-2017-17735
CMS Made Simple CMSMS before 2.2.5 does not properly cache login information in cookies...
CVE-2015-7732
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext...
e-webtech (fixed_page.asp) SQL Injection Vulnerability
No description provided by source. e-webtech fixed_page.asp SQL Injection Vulnerability Author : Fl0riX Name : e-webtech Bug Type : SQL Injection Infection : Admin login information can be obtained. Demo Vuln : http://site/fixed_page.asp?id=SQL Inj. User...
CVE-2011-4730
The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in...
Hellenic Parliament ( Greek ) Websites hacked, Database Leaked !
Hellenic Parliament Greek Websites hacked, Database Leaked ! A hacker today hacked into the website of the Hellenic Parliament (Greek) at & leaked some user/login info at Pastie. He named it the "REAL DEMOCRACY REVERSE ENGINEERING". The file contains Web.config file info also : Reason of Hack as mentione...
IPN Development Handler 2.0 - Multiple Vulnerabilities
IPN Development Handler 2.0 - Multiple Vulnerabilities IPN Development Handler v2.0 CSRF Change Admin Account ============================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script :...
School Management System Pro 6.0.0 Backup Disclosure
======================================================================================== | Title : School Management System Pro 6.0.0 Backup Dump Vulnerability | Author : indoushka | email : [email protected] | Home : www.iqs3cur1ty.com/vb | Web Site :...
Virtue Shopping Mall - cid SQL Injection
Virtue Shopping Mall - cid SQL Injection CMS : Virtue Shopping Mall WEB : http://www.virtuenetz.com/mall/ File : products.php Variable Type : GET value : cid Type : SQL Injection URL : http://www.site.com/products.php?cid=SQLI Exploit : undersec@Undersec:/Escritorio$ php exploit.php...
Aztek Forum 4.00 - Cross-Site Scripting / SQL Injection
/==========================================/ // AZTEK forums 4.0 multiple vulnerabilities PoC // Product: AZTEK forums // URL: http://www.forum-aztek.com/ // RISK: high /==========================================/ PoC 1- XSS - Post a message including the following line:...
CVE-2000-0361
The CVE-2000-0361 issue affects wvdial 1.4 and earlier, where the PPP wvdial.lxdialog script creates a .config file with world-readable permissions. This allows a local attacker who is in the dialout group to access login credentials stored in that file. The available connected sources confirm th...