Lucene search
+L

193 matches found

wired
wired
added 2023/02/11 2:0 p.m.17 views

North Korean Hackers Are Attacking US Hospitals

Plus: Deepfake disinformation spotted in the wild, Android privacy problems in China, Reddit gets phished, and more...

3AI score
Exploits0
malwarebytes
malwarebytes
added 2023/02/10 5:15 p.m.17 views

Reddit breached, here's what you need to know

On Thursday, February 9, 2023, Reddit reported that it had experienced a security incident as a result of an employee being phished. What happened? According to Reddit, it "became aware of a sophisticated phishing campaign" late on February 5, 2023, that attempted to steal credentials and...

7.7AI score
Exploits0
hackread
hackread
added 2023/02/10 3:29 p.m.29 views

Reddit Hacked After Employee Bites on Phishing Scam

By Deeba Ahmed According to Reddit, the breach took place after one of its employees fell for a phishing scam email sent through a malicious fake website. This is a post from HackRead.com Read the original post: Reddit Hacked After Employee Bites on Phishing Scam...

0.5AI score
Exploits0
cnnvd
cnnvd
added 2023/01/07 12:0 a.m.5 views

RedditOnRails 访问控制错误漏洞

RedditOnRails is a Reddit-like site built on Ruby on Rails. An access control error vulnerability exists in RedditOnRails, which stems from incorrect access control...

4.3CVSS4.8AI score0.0056EPSS
Exploits0References4
hackerone
hackerone
added 2022/12/22 5:58 p.m.20 views

Reddit: oauth misconfigration lead to account takeover

Vulnerability description not provided...

7.1AI score
Exploits0
hackerone
hackerone
added 2022/11/05 5:59 a.m.81 views

Reddit: api keys leaked

Summary: Disclosure of valid private keys may lead to unauthorized access to any systems that use them for authentication. Verify whether any keys disclosed are actually valid, and whether their disclosure within the application is appropriate Impact: Disclosure of valid private keys may lead to...

2.1AI score
Exploits0
hackerone
hackerone
added 2022/10/20 1:16 p.m.10 views

Reddit: read and message other user's messages

Vulnerability description not provided...

7.1AI score
Exploits0
malwarebytes
malwarebytes
added 2022/08/29 10:0 a.m.23 views

A week in security (August 22 - August 28)

Last week on Malwarebytes Labs: Cryptojackers growing in numbers and sophistication CISA wants you to patch these actively exploited vulnerabilities before September 8 Reddit users crowdsourcing explicit images and identities Criminals socially engineer their way to bank details with fake arrest...

0.6AI score
Exploits0
malwarebytes
malwarebytes
added 2022/08/22 5:0 p.m.26 views

Reddit users crowdsourcing explicit images and identities

The BBC is warned of a large photograph trading ring which operated on popular group forum site Reddit. These warnings are in relation to stolen nude photographs and other content shared without permission. In this case, even non-explicit photos are being posted alongside frequently degrading and...

6.8AI score
Exploits0
hackerone
hackerone
added 2022/08/06 4:59 a.m.104 views

Reddit: IDOR allows an attacker to modify the links of any user

Hi team! I found an IDOR which allows to modify the links of any user. Users can put their custom links or social media links on their profile, ex: F1855366 To reproduce this: - Replicate the following request by replacing it with your own authentication headers: You must also put in the body of...

1.3AI score
Exploits0
hackerone
hackerone
added 2022/08/03 6:7 p.m.50 views

Reddit: Getting access of mod logs from any public or restricted subreddit with IDOR vulnerability

Summary: There's no check if the user is moderator of the particular subreddit or not while trying to access the mod logs via gql.reddit.com by using operation id. You can change the parameter subredditName to any target subreddit name which is public or restricted and get access to mod logs of...

6.5AI score
Exploits0
hackerone
hackerone
added 2022/08/01 3:44 p.m.28 views

Reddit: Reddit talk promotion offers don't expire, allowing users to accept them after being demoted

Description: When promoting a user to a speaker/host, an offerId is created which can be accepted by the user. However, after accepting them the offerIds don't expire. This means that after the user is demoted back to a listener, they can still use the offerIds to go back to their previous promot...

0.5AI score
Exploits0
hackerone
hackerone
added 2022/07/09 10:25 a.m.47 views

Reddit: Can use the Reddit android app as usual even though revoking the access of it from reddit.com

Summary: Hi Team, For the last 4 days, I kept testing reddit web. That time, I revoked app access from the old.reddit.com and i checked my app and as expected i was not able to use the account in my app. After 2 days I was checking the chat invites feature on the web and after some time I turned ...

6.8AI score
Exploits0
hackerone
hackerone
added 2022/06/22 1:19 p.m.19 views

Reddit: Rate limit is implemented in Reddit , but its not working .

Vulnerability description not provided...

7.1AI score
Exploits0
ossf
ossf
added 2022/06/20 8:21 p.m.4 views

Malicious code in reddit-client-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6334d220686bbc61b76a7ebb42383b2aaba756c99ec547cdf39748884d32fd3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
osv
osv
added 2022/06/20 8:21 p.m.7 views

MAL-2022-5720 Malicious code in reddit-client-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6334d220686bbc61b76a7ebb42383b2aaba756c99ec547cdf39748884d32fd3e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
hackerone
hackerone
added 2022/06/04 12:14 p.m.33 views

Reddit: Several Subdomains Takeover

there are some subdomains in reddit.com those are vulnerable to takeover subdomain attack. I found these subdomains while I have been testing the subdomains of reddit.com. Steps To Reproduce: add details for how we can reproduce the issue 1. create a user account in reddit.com. 2. there are some...

7AI score
Exploits0
hackerone
hackerone
added 2022/05/27 10:17 a.m.42 views

Reddit: Misconfigurated login page able to lock login action for any account without user interaction

Summary While observing a few things about the login feature, I found that the account was locked after a certain number of requests. Although this feature is actually added to prevent problems such as rate limit, it is open to account lock attacks by attackers. PoC 1. Save this code as exploit.p...

7AI score
Exploits0
github
github
added 2022/05/14 4:1 a.m.19 views

Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks

scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS8.5AI score0.0122EPSS
Exploits0References4Affected Software1
osv
osv
added 2022/05/14 4:1 a.m.26 views

GHSA-336H-Q7MH-8VF8 Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks

scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS8.4AI score0.0122EPSS
Exploits0References4
Rows per page
Query Builder