Lucene search
K

206 matches found

OSV
OSV
added 2022/09/08 9:15 p.m.3 views

CVE-2022-38267

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=...

7.2CVSS5.8AI score0.00762EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/09/08 12:0 a.m.8 views

School Activity Updates with SMS Notification v1.0 SQL注入漏洞

School Activity Updates with SMS Notification is an online activity update with SMS notification from janobe Personal Developer. It is used to ensure that every student receives an SMS notification every time there is an activity in the school. A security vulnerability exists in School Activity...

7.2CVSS7.2AI score0.00762EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/09/08 12:0 a.m.5 views

School Activity Updates with SMS Notification v1.0 SQL注入漏洞

School Activity Updates with SMS Notification is an online activity update with SMS notification from janobe Personal Developer. It is used to ensure that every student receives an SMS notification every time there is a school activity. A security vulnerability exists in School Activity Updates...

7.2CVSS7.2AI score0.00762EPSS
Exploits1References2
OSV
OSV
added 2022/08/11 3:15 p.m.4 views

CVE-2022-20241

In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

3.3CVSS5.9AI score0.0009EPSS
Exploits0References1
Securelist
Securelist
added 2022/05/06 10:0 a.m.38 views

Mobile subscription Trojans and their little tricks

Billing fraud is one of the most common sources of income for cybercriminals. There are currently a number of known mobile Trojans specializing in secretly subscribing users to paid services. They usually pay for legitimate services in a users name and scammers take a cut from the money billed...

0.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/05/02 10:15 p.m.5 views

CVE-2022-23722

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...

6.5CVSS6.6AI score0.00571EPSS
Exploits0References3Affected Software1
Circl
Circl
added 2022/04/19 8:24 p.m.7 views

CVE-2021-39033

creationtimestamp| type| source ---|---|--- 2022-04-19 20:24:38+00:00| seen| https://t.me/cibsecurity/41109...

6.5CVSS4.8AI score0.01007EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2022/03/10 1:31 p.m.18 views

Extortion scheme impersonates government officials, law enforcement

The FBI issued a public warning this week about a fraud scheme wherein scammers impersonate government officials and law enforcement personnel. According to the PSA, the scammers spoof legitimate numbers and names and use fake credentials of well-known members of the government and law enforcemen...

1.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/02/10 11:15 p.m.7 views

CVE-2022-24646

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters...

7.8CVSS7.2AI score0.01721EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2022/02/10 12:0 a.m.7 views

PT-2022-16772 · Unknown · Hospital Management System

Name of the Vulnerable Software and Affected Versions: Hospital Management System version 4.0 Description: The issue is related to a SQL injection vulnerability. It affects the /Hospital-Management-System-master/contact.php endpoint via the txtMsg parameters. Recommendations: For Hospital...

9.8CVSS8.7AI score0.08244EPSS
Exploits5References6
ATTACKERKB
ATTACKERKB
added 2021/12/01 4:15 p.m.2 views

CVE-2021-44480

Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers who know the SIM phone number and password to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords...

9.3CVSS7.3AI score0.01041EPSS
Exploits0References2
hivepro
hivepro
added 2021/09/16 1:49 p.m.61 views

Apple fixes the zero-day vulnerabilities exploited by Pegasus spyware named “FORCEDENTRY”

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Two actively exploited vulnerabilities CVE-2021-30858 and CVE-2021-30860 have been fixed in Apples iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 releases. The NSO group carried out the attack by...

6.8CVSS0.5AI score0.75994EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2021/09/06 10:48 a.m.18 views

A week in security (August 30 – September 5)

Last week on Malwarebytes Labs ProxyToken: another nail-biter from Microsoft Exchange Macs turn on apps signed by Symantec, treat them as malware Google Play sign-ins can be abused to track another person’s movements FTC bans SpyFone and its CEO from continuing to sell stalkerware BrakTooth...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/01 11:14 a.m.28 views

Zero-Click iPhone Exploits

Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. These are particularly scary exploits, since they dont require to victim to do anything, like click on a link or open a file. The victim receiv...

0.5AI score
Exploits0
Veracode
Veracode
added 2021/07/14 9:3 p.m.19 views

Privilege Escalation

firefox is vulnerable to privilege escalation. The vulnerability exists due to the unknown processing of the component Text Message Handler...

6.5CVSS2.5AI score0.00965EPSS
Exploits1References4Affected Software6
ThreatPost
ThreatPost
added 2021/04/26 8:28 p.m.66 views

Flubot Spyware Spreading Through Android Devices

Android mobile phone users across the U.K. and Europe are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot,” according to the U.K.’s National Cyber Security Centre. And the U.S. could be the next target. Victims are asked to download a fake app from ...

0.4AI score
Exploits0References14
The Hacker News
The Hacker News
added 2021/04/07 7:16 a.m.6 views

Pre-Installed Malware Dropper Found On German Gigaset Android Phones

In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui,...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/15 8:2 p.m.59 views

Royal Mail scam says your parcel is waiting for delivery

Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery scam begins with a text message out of the blue, claiming: Your Royal Mail parcel is waiting for delivery. Please confirm the settlement amount of 2.99 GBP via:...

7AI score
Exploits0
CNNVD
CNNVD
added 2021/02/16 12:0 a.m.7 views

Racom 跨站脚本漏洞

The RACOM M!DGE is a cellular router designed for SCADA and telemetry mission-critical applications and is ideally suited for many different wireless applications. A cross-site scripting vulnerability exists in the RACOM M!DGE firmware version 4.4.40.105. An attacker can exploit this vulnerabilit...

4.8CVSS5.8AI score0.00468EPSS
Exploits0References2
OSV
OSV
added 2020/10/27 8:15 p.m.4 views

CVE-2018-4390

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofi...

5.5CVSS8.2AI score0.00855EPSS
Exploits0References3
Rows per page
Query Builder