+F FS040U, +F FS020W, +F FS030W, And +F FS040W Security Vulnerabilities

openbugbounty

junesmodels.com Cross Site Scripting vulnerability OBB-3927654

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 06:05 PM
4
openbugbounty

oiwake-go.com Cross Site Scripting vulnerability OBB-3927655

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 06:05 PM
4
openbugbounty

signingdaysports.com Cross Site Scripting vulnerability OBB-3927653

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 06:04 PM
3
openbugbounty

rentalandparties.com Cross Site Scripting vulnerability OBB-3927652

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 06:04 PM
3
openbugbounty

kyoto-kokkou.p-kit.com Cross Site Scripting vulnerability OBB-3927650

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 06:02 PM
3
openbugbounty

softgarage.co.jp Cross Site Scripting vulnerability OBB-3927649

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 06:00 PM
3
openbugbounty

shinshikan.com Cross Site Scripting vulnerability OBB-3927648

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 06:00 PM
3
openbugbounty

currenthvac.com Cross Site Scripting vulnerability OBB-3927647

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 05:59 PM
4
openbugbounty

springcue2019.sched.com Cross Site Scripting vulnerability OBB-3927646

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 05:57 PM
3
openbugbounty

catchwine.com Cross Site Scripting vulnerability OBB-3927645

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-13 05:55 PM
openbugbounty

dewacinta.com Cross Site Scripting vulnerability OBB-3927644

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-13 05:51 PM
openbugbounty

lisinopriltabs.com Cross Site Scripting vulnerability OBB-3927641

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 05:48 PM
2
openbugbounty

demonstrations.wolfram.com Cross Site Scripting vulnerability OBB-3927640

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-05-13 05:43 PM
githubexploit

Exploit for Code Injection in Crushftp

CVE-2024-4040 PoC Python exploit for CVE-2024-4040...

10 CVSS

0.959 EPSS

2024-05-13 05:33 PM
7
openbugbounty

mpmoil.com Cross Site Scripting vulnerability OBB-3927639

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 05:30 PM
3
ibm

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2023-44487]

Summary IBM HTTP Server (powered by Apache) used by IBM i is vulnerable to a denial of service attack due to mishandling of multiplexed streams in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described....

7.5 CVSS

7 AI Score

0.72 EPSS

2024-05-13 05:28 PM
24
redhatcve

CVE-2024-4840

A flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the...

7.3 AI Score

2024-05-13 05:24 PM
3
openbugbounty

reservar.vayacamping.net Cross Site Scripting vulnerability OBB-3927638

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 05:08 PM
2
osv

NocoDB SQL Injection vulnerability

Summary An authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name. Details SQL Injection vulnerability occurs in VitessClient.ts. ``javascript async columnList(args: any = {}) { const func = this.columnList.name; const result...

8 AI Score

2024-05-13 04:46 PM
3
github

NocoDB SQL Injection vulnerability

Summary An authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name. Details SQL Injection vulnerability occurs in VitessClient.ts. ``javascript async columnList(args: any = {}) { const func = this.columnList.name; const result...

8 AI Score

2024-05-13 04:46 PM
osv

NocoDB Allows Preview of Files with Dangerous Content

Summary An attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed, leading to a Stored XSS (Cross-Site Scripting) attack. PoC NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 (currently...

7.1 AI Score

2024-05-13 04:46 PM
3
github

NocoDB Allows Preview of Files with Dangerous Content

Summary An attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed, leading to a Stored XSS (Cross-Site Scripting) attack. PoC NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 (currently...

7.1 AI Score

2024-05-13 04:46 PM
1
hackread

Police Accessed Proton Mail User Data in Terrorism Probe

By Deeba Ahmed Encrypted email services like ProtonMail and Wire promise privacy, but can they guarantee anonymity? A recent case in Spain has users questioning the limitations of encryption when law enforcement steps in. This is a post from HackRead.com Read the original post: Police Accessed...

7.3 AI Score

2024-05-13 04:34 PM
4
openbugbounty

sgrh.com Cross Site Scripting vulnerability OBB-3927635

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 04:24 PM
4
openbugbounty

premiumdata.net Cross Site Scripting vulnerability OBB-3927634

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 04:10 PM
4
openbugbounty

jeu-de-puzzle.net Cross Site Scripting vulnerability OBB-3927632

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 04:07 PM
3
osv

Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

Summary Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6. libxml2 v2.12.7 addresses CVE-2024-34459: described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53 Impact There is no impact to Nokogiri...

2024-05-13 04:05 PM
github

Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

Summary Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6. libxml2 v2.12.7 addresses CVE-2024-34459: described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53 Impact There is no impact to Nokogiri...

6.9 AI Score

2024-05-13 04:05 PM
2
github

@valtimo/components exposes access token to form.io

Impact When opening a form in Valtimo, the access token (JWT) of the user is exposed to api.form.io via the x-jwt-token header. An attacker can retrieve personal information from this token, or use it to execute requests to the Valtimo REST API on behalf of the logged-in user. This issue is...

7.1 AI Score

2024-05-13 04:04 PM
3
osv

@valtimo/components exposes access token to form.io

Impact When opening a form in Valtimo, the access token (JWT) of the user is exposed to api.form.io via the x-jwt-token header. An attacker can retrieve personal information from this token, or use it to execute requests to the Valtimo REST API on behalf of the logged-in user. This issue is...

7.1 AI Score

2024-05-13 04:04 PM
1
osv

matrix-rust-sdk contains a log exposure of private key of the server-side key backup

Introduction In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup...

7 AI Score

2024-05-13 04:04 PM
1
github

matrix-rust-sdk contains a log exposure of private key of the server-side key backup

Introduction In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup...

7 AI Score

2024-05-13 04:04 PM
3
osv

Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues (bug_change_status_page.php) belonging to a project linking said custom field - viewing issues...

4.8 CVSS

6.7 AI Score

0.001 EPSS

2024-05-13 04:00 PM
1
github

Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues (bug_change_status_page.php) belonging to a project linking said custom field - viewing issues...

6 AI Score

2024-05-13 04:00 PM
1
openbugbounty

beckerdesign.net Cross Site Scripting vulnerability OBB-3927631

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 03:54 PM
3
openbugbounty

gourmetaway.net Cross Site Scripting vulnerability OBB-3927629

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 03:43 PM
3
openbugbounty

lachenmeier.net Cross Site Scripting vulnerability OBB-3927627

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 03:29 PM
1
openbugbounty

cvmc.net Cross Site Scripting vulnerability OBB-3927626

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 03:27 PM
3
githubexploit

Exploit for CVE-2023-40000

cve-2023-40000 That's a PoC of cve-2023-40000. Wordpress...

8.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-13 03:25 PM
9
githubexploit

Exploit for Code Injection in Openplcproject Openplc V3 Firmware

CVE-2021-31630 Exploit This PoC was originally developed by...

8.8 CVSS

8.7 AI Score

0.006 EPSS

2024-05-13 03:17 PM
9
openbugbounty

kacius-invest.fr Cross Site Scripting vulnerability OBB-3927625

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 03:09 PM
3
ibm

Security Bulletin: A vulnerability exists in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary Java on z/OS properties files not read correctly under certain locales / codepages vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2 Vulnerability Details ** IBM X-Force ID: PSIRT-ADV0103951 ...

6.2 AI Score

2024-05-13 03:07 PM
rapid7blog

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report....

7.1 AI Score

2024-05-13 03:06 PM
osv

MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. Impact Disclosure of the...

6.8 AI Score

2024-05-13 02:57 PM
github

MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. Impact Disclosure of the...

6.5 AI Score

2024-05-13 02:57 PM
github

Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process

Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e. for 5 minutes after...

6.6 AI Score

2024-05-13 02:57 PM
osv

Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process

Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e. for 5 minutes after...

7 AI Score

2024-05-13 02:57 PM
openbugbounty

flowerpowermuc.de Cross Site Scripting vulnerability OBB-3927624

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-05-13 02:46 PM
3
ibm

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 272 Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An...

8.1 CVSS

7.8 AI Score

0.0004 EPSS

2024-05-13 02:38 PM
1
ibm

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...

3.7 CVSS

7.4 AI Score

0.001 EPSS

2024-05-13 02:27 PM

Total number of security vulnerabilities: 2420998