217 matches found
PT-2021-7393 · Usbredir +5 · Usbredir +5
Name of the Vulnerable Software and Affected Versions: usbredir versions prior to 0.11.0 Description: A use-after-free issue was found in the usbredirparser serialize function in usbredirparser/usbredirparser.c. This occurs when serializing large amounts of buffered write data, particularly in...
Liferay Portal 和 Liferay DXP 输入验证错误漏洞
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
New Relic: User without "View/Modify/Delete" permissions on "Destinations" can view/modify & delete Destinations
@archangel reported that an elevation-of-privilege in the Destinations functions could have allowed a user to view Destinations without having the rights to do so due to an IDOR Incorrect Direct Object Reference...
Mozilla: Content Security Policy violation report could have contained the destination of a redirect
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox 86,...
CVE-2020-3482
A vulnerability in the Traversal Using Relays around NAT TURN server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific...
map.adventurousdestinations.com Cross Site Scripting vulnerability OBB-1245097
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
[SECURITY] Fedora 30 Update: tor-0.4.2.7-1.fc30
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...
destinations-travel-namibia.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1120867 Security Researcher osvaldohp Helped patch 1 vulnerabilities Received 0 Coordinated Disclosure badges , found a security vulnerability affecting destinations-travel-namibia.com website and its users. Following coordinated and responsible vulnerability disclosure...
Code injection
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission...
wedding-destinations.focus.tv Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1033386 Security Researcher devl00p Helped patch 3021 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting...
CVE-2018-10928
A flaw was found in RPC request using gfs3symlinkreq in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on...
CentOS Web Panel Input Validation Error Vulnerability
CentOS Web Panel CWP is a free web hosting control panel. An input validation error vulnerability exists in CentOS Web Panel version 0.9.8.851, which can be exploited by an attacker to remove email forwarding destinations from an affected user's account...
Design/Logic Flaw
A flaw was found in RPC request using gfs3symlinkreq in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on...
westgatedestinations.com XSS vulnerability
Open Bug Bounty ID: OBB-661032 Description| Value ---|--- Affected Website:| westgatedestinations.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
madamevacances.com XSS vulnerability
Open Bug Bounty ID: OBB-646362 Description| Value ---|--- Affected Website:| madamevacances.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
iacworldwide.com XSS vulnerability
Open Bug Bounty ID: OBB-623992 Description| Value ---|--- Affected Website:| iacworldwide.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2018-0883
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations...
wired-destinations.com XSS vulnerability
Open Bug Bounty ID: OBB-543619 Description| Value ---|--- Affected Website:| wired-destinations.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
finaldestinations.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-446027 Description| Value ---|--- Affected Website:| finaldestinations.co.uk Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...
CVE-2017-14390
In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations...