112 matches found
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2019-4271)
Summary IBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin, Security Bulletin: HTTP...
Code injection
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2019-4271)
Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin HTTP Parameter Pollution...
Security Bulletin: HTTP Parameter Pollution and XSS vulnerability in WebSphere Application Server Admin Console ND (CVE-2019-4271)
Summary There is a Client-side HTTP parameter pollution vulnerability and a Cross-site scripting vulnerability in WebSphere Application Server Admin Console. Vulnerability Details CVEID: CVE-2019-4271 DESCRIPTION: IBM WebSphere Application Server Admin console is vulnerable to a Client-side HTTP...
CVE-2019-13143
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...
CVE-2019-13143
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...
CVE-2019-13143
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...
Buffer overflow
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...
CVE-2019-13143
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...
CVE-2019-13143
CVE-2019-13143 affects Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 v2.3. The issue is an HTTP parameter pollution vulnerability that allows an attacker to unbind the current lock owner and bind themselves using the user ID, user name, and the lock MAC address exposed via And...
PT-2019-13151 · Shenzhen Dragon Brothers · Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock Fb50
Name of the Vulnerable Software and Affected Versions: Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 version 2.3 Description: An HTTP parameter pollution issue allows attackers to unbind the existing owner of the lock and bind themselves instead, leading to complete takeover o...
Soleo: Directory Traversal + HTTP Paramater Pollution leaking SQL/LDAP credentials
Upon visiting the login page of a provider’s IP Relay client, we noticed that if someone were to click the “forgot password” link, it would bring them to a URL which appeared as the following: https://./IPRelayApp/servlet/IPRelay?page=forgotPassword When attempting to modify the "page" GET...
carsforsale.motortrend.com XSS vulnerability
Open Bug Bounty ID: OBB-643617 Description| Value ---|--- Affected Website:| carsforsale.motortrend.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
manuales.cursoscnc.com XSS vulnerability
Open Bug Bounty ID: OBB-620244 Description| Value ---|--- Affected Website:| manuales.cursoscnc.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
usnewsglobaleducation.com XSS vulnerability
Open Bug Bounty ID: OBB-619845 Description| Value ---|--- Affected Website:| usnewsglobaleducation.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
dredge7inn.com XSS vulnerability
Open Bug Bounty ID: OBB-619668 Description| Value ---|--- Affected Website:| dredge7inn.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
fallbrookchamberofcommerce.org XSS vulnerability
Open Bug Bounty ID: OBB-609322 Description| Value ---|--- Affected Website:| fallbrookchamberofcommerce.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Slack: HTTP parameter pollution from outdated Greenhouse.io JS dependency
Slack's career page was using an outdated Greenhouse JavaScript dependency which resulted in an HTTP parameter pollution vulnerability. This would have allowed the loading of external Greenhouse forms not owned by Slack. We updated the Javascript and the issue is resolved. Thanks @irvinlim! The...
gbstamp.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-597261 Description| Value ---|--- Affected Website:| gbstamp.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2016-8535
A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found...