1756-EN2TRK Series A, B Security Vulnerabilities

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

nikkansan.com Cross Site Scripting vulnerability OBB-3925738

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

verify.etrustmark.rs Cross Site Scripting vulnerability OBB-3925735

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

raffalthof.com Cross Site Scripting vulnerability OBB-3925736

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

phongsgc.gomymobi.com Cross Site Scripting vulnerability OBB-3925732

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ryanmortuary.com Cross Site Scripting vulnerability OBB-3925733

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

video.socialsharingplugin.com Cross Site Scripting vulnerability OBB-3925730

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

demo.creativeitem.com Cross Site Scripting vulnerability OBB-3925731

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

pinarello.com Cross Site Scripting vulnerability OBB-3925726

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

cannondale.com Cross Site Scripting vulnerability OBB-3925725

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

MasterParser - Powerful DFIR Tool Designed For Analyzing And Parsing Linux Logs

What is MasterParser ? MasterParser stands as a robust Digital Forensics and Incident Response tool meticulously crafted for the analysis of Linux logs within the var/log directory. Specifically designed to expedite the investigative process for security incidents on Linux systems, MasterParser...

CVE-2024-4466

SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the...

CVE-2024-34073

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if.....

CVE-2024-34072

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently...

vci.de Cross Site Scripting vulnerability OBB-3925722

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Rare Interviews with Enigma Cryptanalyst Marian Rejewski

The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his...

missmaud.com.au Cross Site Scripting vulnerability OBB-3925720

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-26322

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-26321

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-26325

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-26326

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-26320

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

hoster.kz Cross Site Scripting vulnerability OBB-3925719

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

create.by Cross Site Scripting vulnerability OBB-3925718

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

helidrops.io Cross Site Scripting vulnerability OBB-3925717

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-34063

vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag and...

CVE-2024-32986

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and AppInfo.ini (on...

creditforbusiness.ru Cross Site Scripting vulnerability OBB-3925712

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

sibgap.ru Cross Site Scripting vulnerability OBB-3925711

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

100dorog.ru Cross Site Scripting vulnerability OBB-3925710

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

topcar24.ru Cross Site Scripting vulnerability OBB-3925708

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ettrilat.ru Cross Site Scripting vulnerability OBB-3925709

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

frihet.no Cross Site Scripting vulnerability OBB-3925707

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

romaniaroute.ro Cross Site Scripting vulnerability OBB-3925706

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

mstcecommerce.co.in Cross Site Scripting vulnerability OBB-3925703

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2024-28757

== How to build expat with cmake (experimental) == The cmake...

Exploit for CVE-2024-28757

== How to build expat with cmake (experimental) == The cmake...

CVE-2024-33925

Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through...

CVE-2024-33929

Missing Authorization vulnerability in wpWax Directorist.This issue affects Directorist: from n/a through...

CVE-2024-33937

Missing Authorization vulnerability in Nico Martin Progressive WordPress (PWA).This issue affects Progressive WordPress (PWA): from n/a through...

CVE-2024-33921

Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through...

CVE-2024-33931

Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through...

CVE-2024-33923

Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through...

CVE-2024-33914

Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through...

CVE-2024-33919

Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through...

CVE-2024-33915

Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through...

CVE-2024-33920

Missing Authorization vulnerability in Kama Democracy Poll.This issue affects Democracy Poll: from n/a through...

CVE-2024-23912

Out-of-bounds Read vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_File() function is used to read a malformed DICOM data, it might result in over-reading memory buffer and could cause memory access...

CVE-2024-23913

Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolkit C/C++ on Windows. When deprecated MC_XML_To_Message() function is used to read a malformed DICOM XML file, it might result in memory access...