36104 matches found
botsimulator.com Cross Site Scripting vulnerability OBB-3952912
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
payment-and-card.cioreview.com Cross Site Scripting vulnerability OBB-3952903
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
teamsets4u.com Cross Site Scripting vulnerability OBB-3952892
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
shop.oji-salmon.co.jp Cross Site Scripting vulnerability OBB-3952822
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-7093
Dispatch's notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in their custom message templates, which are then...
CVE-2024-7093
CVE-2024-7093 affects Dispatch’s notification service that renders user messages via Jinja templates. The underlying issue is that Jinja blocks can execute code and were neither sanitized nor sandboxed, allowing an attacker to craft templates containing command-line scripts that execute when noti...
cellaredbeerfesr.bpt.me Cross Site Scripting vulnerability OBB-3952593
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kirjalabyrintti.net Cross Site Scripting vulnerability OBB-3952522
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
hinterglas-und-kupferstich.de Cross Site Scripting vulnerability OBB-3952428
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-7342
Baidu UEditor 1.4.3.3 contains an unrestricted upload vulnerability in the endpoint /ueditor/php/controller.php?action=uploadfile&encode=utf-8, triggered by manipulating the upfile parameter. The issue enables remote initiation and has publicly disclosed exploits; multiple sources corroborate the...
PT-2024-38072 · Dispatch +1 · Dispatch +1
Name of the Vulnerable Software and Affected Versions: Dispatch affected versions not specified Description: The issue arises from Dispatch's notification service utilizing Jinja templates to generate user messages. Since Jinja allows code execution within blocks and these blocks were not properl...
ZITADEL has improper HTML sanitization in emails and Console UI
Impact ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker,...
CVE-2024-41953 Zitadel improperly sanitizes HTML in emails and Console UI
Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may...
BELL-CVE-2024-42118
Bulletin has no description...
BELL-CVE-2024-41065
Bulletin has no description...
CVE-2024-40895
FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the...
CVE-2024-40895
FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the...
CVE-2024-40895
FFRI AMC contains an OS command injection (CWE-78) vulnerability affecting versions 3.4.0–3.5.3 (and some OEM bundles) where, if the notification program setting is enabled and the executable path ends with a batch/command file, a remote unauthenticated attacker can execute arbitrary OS commands....
FFRI AMC vulnerable to OS command injection
Overview FFRI AMC provided by FFRI Security, Inc. is a management console for the endpoint security product FFRI yarai and ActSecure X. FFRI AMC contains an OS command injection vulnerability CWE-78. It is exploitable when the notification program setting is enabled, the executable file path is...
PT-2024-29133 · Ffri · Ffri Amc
Name of the Vulnerable Software and Affected Versions: FFRI AMC versions 3.4.0 to 3.5.3 Some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 Description: The issue allows a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an...