23 matches found
OneUptime 访问控制错误漏洞
OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.42 contained a access control vulnerability. This vulnerability stemmed from the ability to access notification tests and telephone...
CVE-2026-25858
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...
CVE-2026-25858
The CVE-2026-25858 issue affects macrozheng mall up to version 1.0.3 where the mall-portal password reset flow exposes the OTP in the API response and authenticates requests solely by the OTP tied to a telephone number. An unauthenticated attacker can reset arbitrary user passwords using only a k...
CVE-2026-25858 macrozheng mall <= 1.0.3 Unauthenticated Password Reset via OTP Disclosure
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...
Mango discloses data breach at third-party provider
Mango has reported a data breach at one of its external marketing service providers. The Spanish fashion retailer says that only personal contact information has been exposed—no financial data. The breach took place at the service provider and did not affect Mango’s own systems. According to the...
EUVD-2020-16508
Malware in sbrugna...
CVE-2024-51720 Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE
An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication SCA Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number...
CVE-2024-51720
CVE-2024-51720 affects SecuSUITE Secure Client Authentication (SCA) Server, 5.0.420 and earlier. Root cause: insufficient entropy in the enrollment flow, enabling an attacker to enroll an attacker‑controlled device to a victim’s account/phone number. Additional notes from PT-2024-34867 cite lack ...
Viproy CUCDM IP Phone XML Services Speed Dial Attack Tool
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool', 'Description' = %q The BVSMWeb portal in the web framework...
Telephone Number Linker <= 1.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its telnumlink shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-5743
The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-5743 Telephone Number Linker <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-5743
CVE-2023-5743 (Telephone Number Linker, WordPress) Stored Cross-Site Scripting via the plugin’s telnumlink shortcode is present in all versions up to 1.2. The vulnerability requires authenticated access (contributor-level or higher) and arises from insufficient input sanitization/output escaping ...
WordPress Plugin Telephone Number Linker Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Telephone Number Linker Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software Telephone Number Linker Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5743 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fce4160970a1 Credits Lana Codes Required...
CVE-2018-20576
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...
CVE-2016-0847
The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502...
CVE-2015-1113
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the 1 telephone number or 2 e-mail address of a recent contact via a crafted app...
CVE-2015-1113
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the 1 telephone number or 2 e-mail address of a recent contact via a crafted app...
CVE-2014-4367
Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number...