78 matches found
CVE-2023-39013
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...
CVE-2023-39013
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...
Code injection
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...
Duke 代码注入漏洞
Duke is a fast and flexible deduplication or entity resolution, or record linking engine written in Java on top of Lucene by Lars Marius Garshol, a personal developer. A security vulnerability exists in Duke v1.2 and earlier versions, which stems from a code injection vulnerability in the compone...
CVE-2023-39013
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...
PT-2023-26736 · Duke · Duke
Name of the Vulnerable Software and Affected Versions: Duke versions 1.2 and below Description: The issue is related to a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. Recommendations: For Duke versions 1.2 and below, consider disabling the...
CVE-2023-39013
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...
CVE-2023-39013
Summary: CVE-2023-39013 affects Duke v1.2 and earlier. A code injection vulnerability exists in the CommonsJTimer.init component (no.priv.garshol.duke.server.CommonJTimer.init). The issue enables potential arbitrary code execution via unfiltered LDAP lookups in that method. Documents consistently...
cgi.cs.duke.edu Cross Site Scripting vulnerability OBB-3269612
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Android Users Beware: New Hook Malware with RAT Capabilities Emerges
The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent called Hook that introduces new capabilities to access files stored in the devices and create a remote interactive session. ThreatFabric, in a report shared with The Hacker News,...
GO-2022-1114 ZipSlip when unzipping files in github.com/duke-git/lancet
A ZipSlip vulnerability exists when using the fileutil package to unzip files...
How a senior product manager is leading the passwordless movement at Microsoft
May 5, 2022, is World Password Day, a day we all use to create awareness around password security. At Microsoft, we choose to celebrate replacing passwords with better and more secure ways to sign in. I can’t think of a better person at Microsoft to represent this journey than Libby Brown, a seni...
strategicplan.duke.edu Improper Access Control vulnerability OBB-2181975
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ags.duke.edu Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1067467 Security Researcher devl00p Helped patch 2581 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting ags.duke.edu website and...
livinghistory.sanford.duke.edu Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1006770 Security Researcher devl00p Helped patch 2581 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting...
Bomb Threat Hoaxer Exposed by Hacked Gaming Site
Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites including this one, took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In a...
mon-01.econ.duke.edu XSS vulnerability
Open Bug Bounty ID: OBB-678119 Description| Value ---|--- Affected Website:| mon-01.econ.duke.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Leader of DDoS-for-Hire Gang Pleads Guilty to Bomb Threats
A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was "Feds Can't Touch Us" pleaded guilty this week to making bomb threats against thousands of schools. On Aug. 31, officers with the U.K.'s National Crime Agency NCA arrested Hertfordshire resident George...
dukestores.duke.edu XSS vulnerability
Open Bug Bounty ID: OBB-625496 Description| Value ---|--- Affected Website:| dukestores.duke.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
qtmodule.dcri.duke.edu XSS vulnerability
Open Bug Bounty ID: OBB-564793 Description| Value ---|--- Affected Website:| qtmodule.dcri.duke.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...