24 matches found
EUVD-2026-8980
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...
CVE-2026-3037
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...
CVE-2026-3037 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...
Copeland XWEB PRO Operating System Command Injection Vulnerability
Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed...
PT-2026-22279
Name of the Vulnerable Software and Affected Versions: XWEB Pro versions 1.12.1 and earlier. Description: A flaw exists that allows a logged-in attacker to execute code on a system remotely. This is achieved by altering harmful input within the URL of the MBird SMS service and/or code through the...
MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems
China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a "premeditated" cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a "hacker empire" and the "greatest source of chaos in cyberspace." The Ministry of State Security (MSS), in a...
Google Android Information Disclosure Vulnerability (CNVD-2023-99039)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by the disclosure of side channel information in the SMS service. The vulnerability can be exploited by an attacker to obtain sensitive...
WordPress Amelia plugin Amelia SMS service authorization issue vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. The WordPress Amelia plugin is vulnerable to a...
CVE-2022-0837
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...
Design/Logic Flaw
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...
CVE-2022-0837
The CVE concerns the Amelia WordPress plugin (before 1.0.48) with an authorization flaw in the Amelia SMS service. The vulnerability allows any authenticated customer to perform paid test SMS notifications and to access admin data (email, balance, and payment history), enabling account draining b...
CVE-2022-0837 Amelia < 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...
Amelia < 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure
The plugin does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerabilit...
WordPress Amelia plugin <= 1.0.47 - SMS Service Abuse and Sensitive Data Disclosure vulnerability
SMS Service Abuse and Sensitive Data Disclosure vulnerability discovered by Huli Cymetrics in WordPress Amelia plugin versions <= 1.0.47. Solution: Update the WordPress Amelia plugin to the latest available version (at least 1.0.48)...
Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads
Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills. Jakub Vavra from the threat operations team of security firm Avast uncovered the campaign, which he dubbed UltimaS...
Android Trojan GriftHorse, the gift horse you definitely should look in the mouth
Researchers at Zimperium have discovered an aggressive mobile premium services campaign with over 10 million victims all over the world. The stolen amount could amass hundreds of millions of Euros. The scam was hidden behind malicious Android apps, and the researchers have named the Trojan...
Zomato: Base alpha version code exposure
An alpha version of our Base product was exposed on a Jenkins server. Thanks @n0rb3r7 for reporting this. During my reconnaissance, I discovered via a self-signed SSL certificate with Zomato listed as the organization name. Upon navigating to the server on port 80, I discovered a default Laravel...
Short Password Reset code vulnerability allows hackers to brute-force many websites
Yesterday we received a report of a vulnerability in web applications from an unknown Indian hacker, who explained how hackers are hijacking mobile recharge and free SMS service related websites. He detailed a loophole in the password reset process that could allow attackers to brute force many...
Al Jazeera SMS service Hacked, Fake messages spread by Hackers
Al-Jazeera says hackers have targeted the Qatar-based TV satellite channel for the second time in a week, sending out false news reports on its mobile SMS service. Al Jazeera confirmed the hack in a tweet: "We'd like to inform our subscribers that Aljazeera sms service is being compromised by pirates...
Dinama SMS Service Cross Site Scripting
Title: Dinama SMS Service - Persistent Web Vulnerability; Date: 2012-02-05; References: http://www.vulnerability-lab.com/getcontent.php?id=417; VL-ID: 417; Introduction: DINAMA's interactive media solutions enable bidirectional communication...