13 matches found
CVE-2025-49490
Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure. This vulnerability is associated with program files router/sms/sms.c. This issue affects FalconLinux, Kestrel, LapwingLinux: before v1536...
CVE-2023-48839
Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
X (Formerly Twitter): Identify the mobile number of a Twitter user
Summary: By exploiting this security vulnerability we can detect the mobile number of a Twitter user. Description: This security vulnerability is of type "Information disclosure"; it allows exploiting flawed behavior of the Twitter system to obtain distinct responses when different error states...
Mail.ru: Account TakeOver at kvartira.city-mobil.ru
kvartira.city-mobil.ru had no sufficient protection against SMS code bruteforce...
Mail.ru: [combo.mail.ru] SMS code bruteforce
Authentication procedure was not sufficiently protected against bruteforce and allowed arbitrary combo.mail.ru account takeover...
Mail.ru: Bruteforce of the SMS confirmation code for changing the phone number in a LootDog account.
SMS code for phone number change in lootdog.io was not sufficiently protected against bruteforce...
Mail.ru: Account TakeOver at my.33slona.ru
Logon via SMS code validation was not sufficiently protected against bruteforce in my.33slona.ru. Common flaws of SMS auth: https://blog.deteact.com/common-flaws-of-sms-auth/...
Mail.ru: Account Takeover worki.ru
worki.ru had no sufficient protection against SMS code bruteforce...
Mail.ru: Account Takeover at vseapteki.ru
Insufficient protection against SMS code bruteforcing allowed account takeover in vseapteki.ru. Common flaws of SMS auth: https://blog.deteact.com/common-flaws-of-sms-auth/...
Mail.ru: worki.ru: SMS code bruteforce
SMS code verification process in worki.ru was not sufficiently protected against bruteforce attack. Common flaws of SMS auth: https://blog.deteact.com/common-flaws-of-sms-auth/...
QIWI: Information Disclosure on id.rapida.ru
Hi, path disclosure occurs on id.rapida.ru/dp.php. Steps to reproduce: 1. Go to https://id.rapida.ru/login 2. Try to log in via phone, waiting for the SMS code. 3. Try entering an invalid SMS code (any). 4. The paths can be seen in the response: HTTP/1.1 200 OK Server: nginx Date:...
Enter: No rate limit which leads to "Users information Disclosure" including verification documents etc.
Host: api.romit.io. Endpoint: /v0/cash/auth/login. Issue: When an attacker tries to log in at app.romit.io, he is prompted to enter the PIN. There is no rate limit to verify this. Although there is an authorization header Authorization: Credential=b67b0b10571ac00444de3cffde0b5b05,...
Google Adds Two-Factor Verification to Gmail
Google has introduced a new two-step authentication feature for Gmail users that it says will significantly increase the security of the free mail service. The system enables users to set up a method for obtaining a secret code that will be required, along with a password, to access a Gmail...