Lucene search
K

1378 matches found

Malwarebytes
Malwarebytes
added 2023/08/16 4:15 p.m.49 views

Discord.io confirms theft of 760,000 members' data

Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachForums, the owners have decided to shut down all Discord.io services "for the foreseeable future."...

7.3AI score
Exploits0
OSV
OSV
added 2023/08/11 6:15 a.m.3 views

CVE-2023-40260

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...

9.1CVSS5.7AI score0.00526EPSS
Exploits0References2
NVD
NVD
added 2023/08/11 6:15 a.m.10 views

CVE-2023-40260

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...

9.1CVSS5.2AI score0.00526EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/11 6:15 a.m.3 views

CVE-2023-40260

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...

9.1CVSS5.6AI score0.00526EPSS
Exploits0References3
OSV
OSV
added 2023/08/11 12:15 a.m.2 views

CVE-2023-35179

A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action...

7.2CVSS5.7AI score0.00918EPSS
Exploits0References2
NVD
NVD
added 2023/08/11 12:15 a.m.10 views

CVE-2023-35179

A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action...

7.2CVSS7AI score0.00918EPSS
Exploits0References2
Prion
Prion
added 2023/08/11 12:15 a.m.23 views

Design/Logic Flaw

A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action...

5.8CVSS6.9AI score0.00918EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/11 12:0 a.m.4 views

PT-2023-27351 · Empowerid · Empowerid

Name of the Vulnerable Software and Affected Versions: EmpowerID versions prior to 7.205.0.1 Description: The issue allows an attacker to bypass a multi-factor authentication MFA requirement if the first factor, which includes the username and password, is known. This is possible because knowing...

9.1CVSS4.2AI score0.00526EPSS
Exploits0References5
CVE
CVE
added 2023/08/11 12:0 a.m.44 views

CVE-2023-40260

EmpowerID prior to 7.205.0.1 is vulnerable to an MFA bypass: if an attacker knows the first factor (username/password), they can change the account’s email address and then receive MFA codes at the attacker-controlled email. This is documented across multiple sources (NVD/Red Hat entries and thir...

9.1CVSS6.7AI score0.00526EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/08/10 11:14 p.m.40 views

CVE-2023-35179

SolarWinds Serv-U 15.4 (including Hotfixes HF1/HF2) contains an authentication bypass vulnerability that enables an administrator with access to bypass multi-factor authentication. The CVE describes a MFA bypass with high impact on confidentiality, integrity, and availability. The documents provi...

7.2CVSS6.9AI score0.00918EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/10 11:14 p.m.13 views

CVE-2023-35179 2FA/MFA Bypass Vulnerability in Serv-U 15.4

A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action...

7.2CVSS7.1AI score0.00918EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/08/10 9:45 a.m.52 views

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Threat actors are increasingly using a phishing-as-a-service PhaaS toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.4 views

SolarWinds Serv-U FTP Server Access Control Error Vulnerability

SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the U.S. company SolarWinds. An access control error vulnerability exists in SolarWinds Serv-U FTP Server version 15.4, which can be exploited by an attacker to bypass multi-factor/two-factor authentication...

7.2CVSS6.7AI score0.00918EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/10 12:0 a.m.6 views

PT-2023-25189 · Serv-U · Serv-U

Name of the Vulnerable Software and Affected Versions: Serv-U version 15.4 Description: A vulnerability has been identified that allows an actor to bypass multi-factor or two-factor authentication. The actor must have administrator-level access to perform this action. Recommendations: For Serv-U...

7.2CVSS6.9AI score0.00918EPSS
Exploits0References3
NVD
NVD
added 2023/08/06 7:15 a.m.8 views

CVE-2023-4177

A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The...

5.7CVSS5.5AI score0.00191EPSS
Exploits0References3
OSV
OSV
added 2023/08/06 7:15 a.m.4 views

CVE-2023-4177

A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The...

5.7CVSS4.3AI score0.00191EPSS
Exploits0References3
Prion
Prion
added 2023/08/06 7:15 a.m.14 views

Information disclosure

A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The...

1.4CVSS7.1AI score0.00191EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/08/06 6:31 a.m.14 views

CVE-2023-4177 EmpowerID Multi-Factor Authentication Code information disclosure

A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The...

2.6CVSS6.7AI score0.00191EPSS
Exploits0References3
CVE
CVE
added 2023/08/06 6:31 a.m.41 views

CVE-2023-4177

CVE-2023-4177 affects EmpowerID up to version 7.205.0.0, involving unknown processing within the Multi-Factor Authentication Code Handler that can lead to information disclosure. The issue has high confidentiality impact with low attack complexity and low privileges required; exploitation is desc...

5.7CVSS4.8AI score0.00191EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/06 12:0 a.m.4 views

PT-2023-28086 · Empowerid · Empowerid

Name of the Vulnerable Software and Affected Versions: EmpowerID versions up to 7.205.0.0 Description: A problem was found in the Multi-Factor Authentication Code Handler component, which can lead to information disclosure. The complexity of an attack is rather high and the exploitation is known ...

5.7CVSS4.3AI score0.00191EPSS
Exploits0References7
Rows per page
Query Builder