23 matches found
GHSA-MGHP-5CQ4-V6MG Snipe-IT has an open redirect vulnerability
Open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. Impact - Phishing: Redirect users to fake login pages to steal credentials - Session Hijacking: Redirect to attacker site that captures...
EUVD-2016-2491
Malware in sbrugna...
EUVD-2021-10916
Malware in sbrugna...
CVE-2024-22202
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn'...
CVE-2025-47779 Using malformed From header can forge identity with ";" or NULL in name portion
Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE RFC 3428 authentication do not get proper alignment. An authenticated attacker...
CVE-2025-47789 Horilla Open Redirect Vulnerability in Login
Horilla is a free and open source Human Resource Management System HRMS. In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any...
One Click Could Cost You Everything – Even Your Smartest Employee Might Be the Biggest Security Risk!
Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! Introduction: The Persistent Threa...
PCI DSS 4.0 Mandates DMARC By 31st March 2025
The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing i...
CVE-2022-35953
BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was...
Restaurant platform SevenRooms confirms data breach
SevenRooms, a "guest experience and retention platform" for food establishments and hospitality organisations, has confirmed it has fallen victim to a third party vendor data breach. Mostly known for its customer management platform, Seven Rooms' breach came to light after stolen data was seen fo...
Hoxhunt Primed to Spread Gamified Phishing Awareness in the Enterprise
By Owais Sultan Given the potent and rising threat of phishing, enterprises need an effective program that delivers real results. This is a post from HackRead.com Read the original post: Hoxhunt Primed to Spread Gamified Phishing Awareness in the Enterprise...
Rancher Login Parameter Can Be Edited
A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit...
CVE-2020-26953
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Humble Bundle alerts customers to subscription reveal bug
You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. Click to enlarge The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal...
Threat Outbreak Alert RuleID30948: Email Messages Distributing Malicious Software on October 12, 2017
Medium Alert ID: 55593 First Published: 2017 October 12 13:03 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID30948 may contain the following files: Name |...
Threat Outbreak Alert RuleID29215: Email Messages Distributing Malicious Software on May 23, 2017
Medium Alert ID: 53926 First Published: 2017 May 23 15:06 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID29215 may contain the following files: Name | Size...
Threat Outbreak Alert RuleID17690: Email Messages Distributing Malicious Software on September 1, 2015
Medium Alert ID: 40761 First Published: 2015 September 2 13:41 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17690 may contain the following files: Name |...
Threat Outbreak Alert RuleID13633: Email Messages Distributing Malicious Software on February 19, 2015
Medium Alert ID: 37522 First Published: 2015 February 19 21:55 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID13633 may contain the following files: Name |...
Threat Outbreak Alert: Fake Product Purchase Order Request Email Messages on January 26, 2014
Medium Alert ID: 32575 First Published: 2014 January 27 14:34 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a product purchase order request. The text in the email message attempts to convince the recipient to open the...
Threat Outbreak Alert: Fake Shipment Invoice Notification Email Messages on June 13, 2013
Low Alert ID: 29669 First Published: 2013 June 14 12:58 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a DHL shipment invoice. The text in the email message attempts to convince the recipient to open the attachment and...