'MyPallete' And Some Of The Android Banking Applications That Use 'MyPallete' Security Vulnerabilities

anuarioseguros.lat Cross Site Scripting vulnerability OBB-3938257

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

anonymous-tunisia.org Cross Site Scripting vulnerability OBB-3938256

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ajmrhs.com Cross Site Scripting vulnerability OBB-3938250

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

aaareplicawatch.com Cross Site Scripting vulnerability OBB-3938247

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

action.news Cross Site Scripting vulnerability OBB-3938248

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

villa.marcelline.qc.ca Cross Site Scripting vulnerability OBB-3938244

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ttu.uloop.com Cross Site Scripting vulnerability OBB-3938243

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

sms.provisioncoalition.com Cross Site Scripting vulnerability OBB-3938240

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

shop.gekirock.com Cross Site Scripting vulnerability OBB-3938239

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

shop.davidbowie.com Cross Site Scripting vulnerability OBB-3938238

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ressources.shna-ofab.fr Cross Site Scripting vulnerability OBB-3938235

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

news.kiit.ac.in Cross Site Scripting vulnerability OBB-3938233

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

kyosai-web.smrj.go.jp Cross Site Scripting vulnerability OBB-3938231

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Path Traversal

lollms is vulnerable to Path Traversal. The vulnerability is due to inadequate input sanitization of the data.category and data.folder parameters, allowing attackers to navigate beyond the intended directory structure. The attacker can create a config.yaml file in a controllable path, which can be....

forex-money.ucoz.com Cross Site Scripting vulnerability OBB-3938225

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

encuentra.enfermeria21.com Cross Site Scripting vulnerability OBB-3938222

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-4460

A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....

CVE-2024-24553

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure...

CVE-2024-24553

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure...

CVE-2024-4460

A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....

CVE-2024-24552

A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their...

CVE-2024-24551

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP...

CVE-2024-24552

A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their...

CVE-2024-24551

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP...

CVE-2024-24550

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...

CVE-2024-24550

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...

Improper Access Control

studiomitte/friendlycaptcha is vulnerable to Improper Access Control. The vulnerability is due to the extension failing to check the captcha field requirement in submitted form data, which lets an attacker bypass the captcha...

CVE-2024-24554 Bludit - Insecure Token Generation

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit...

CVE-2024-24554 Bludit - Insecure Token Generation

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit...

CVE-2024-24553 Bludit uses SHA1 as Password Hashing Algorithm

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure...

CVE-2024-24553 Bludit uses SHA1 as Password Hashing Algorithm

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure...

CVE-2024-24552 Bludit is Vulnerable to Session Fixation

A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their...

CVE-2024-24552 Bludit is Vulnerable to Session Fixation

A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their...

CVE-2024-24551 Bludit - Remote Code Execution (RCE) through Image API

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP...

CVE-2024-24551 Bludit - Remote Code Execution (RCE) through Image API

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP...

Brute Force Attack

ezsystems/ezplatform-user is vulnerable to Brute Force Attack. The vulnerability is due to the password reset functionality not having sufficient protections against brute force attacks, allowing attackers to repeatedly attempt different passwords to gain unauthorized access to user...

A week in security (June 17 – June 23)

Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns (Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,.....

CVE-2024-24550 Bludit - Remote Code Execution (RCE) through File API

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...

CVE-2024-24550 Bludit - Remote Code Execution (RCE) through File API

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...

azarinecosmetic.com Cross Site Scripting vulnerability OBB-3938215

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Insecure Direct Object Reference (IDOR)

jweiland/events2 is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to missing access checks in the management plugin, which allows an attacker to activate or delete events without...

CVE-2024-4460 DoS Vulnerability in zenml-io/zenml

A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....

web1.spartanien.de Cross Site Scripting vulnerability OBB-3938214

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

spartanien.de Cross Site Scripting vulnerability OBB-3938213

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

[SECURITY] Fedora 40 Update: python-PyMySQL-1.1.1-1.fc40

This package contains a pure-Python MySQL client library. The goal of PyMyS QL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPyth on and...

showcase.kumparan.com Cross Site Scripting vulnerability OBB-3938212

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

salleurl.edu Cross Site Scripting vulnerability OBB-3938211

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-4900

The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious...

CVE-2024-4899

The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting...

CVE-2024-4900

The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious...