bonfilio.choikedelivery.com Cross Site Scripting vulnerability OBB-1279433

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Airshare - Cross-platform Content Sharing In A Local Network

Airshare is a Python-based CLI tool and module that lets you transfer data between two machines in a local network, P2P, using Multicast-DNS. It also opens an HTTP gateway for other non-CLI external interfaces. It works completely offline! Built with aiohttp and zeroconf. Checkout the demo...

h1-ctf: [h1-415 2020] SSRF in a headless chrome with remote debugging leads to sensible information leak

Summary: Converter is using headless chrome with remote debbuging by rendring a page where we have out name, with which we can get xss leads to ssrf By using the remote debbugging with that ssrf we can grab the info all tabs in that chrome wher we can get even the flag document. Steps To Reproduc...

h1-ctf: [h1-415 2020] finally

add or chars behind Joberts email, which leaks on the login page 2. register a new account using that email 3. sign out and use the recover feature with the just generated qr code. this will get you into Joberts account 3. head to /support and submit a blind XSS payload which extracts the...

Information Disclosure

endroid/qr-code is vulnerable to information disclosure. The logo is not validated to contain valid image data, allowing an attacker to specify a non-image data and retrieve data from non-image files...

BCM Messenger: Account Takeover with old password and login QR

BCM servers don't store users' passwords, and the private keys are stored locally. If you change the password, the data in the old QR code will not be revoked. Please read the warnings during registration and backup, and protect your account credentials. Thank you! When someone wants to log into...

openSUSE Security Update : opera (openSUSE-2019-2107)

This update for opera fixes the following issues : Opera was updated to version 63.0.3368.66 : - CHR-7525 Update chromium on desktop-stable-76-3368 to 76.0.3809.132 - DNA-74031 Download indicator doesnt match progress - DNA-77042 Something went wrong message in crypto wallet in private window -...

CVE-2015-9522

The Easy Digital Downloads EDD QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

CVE-2015-9522

The CVE-2015-9522 entry concerns the Easy Digital Downloads (EDD) QR Code extension for WordPress. Affected versions include 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, where an XSS vulnerability exists due to misus...

CVE-2015-9522

The Easy Digital Downloads EDD QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

QR code scam can clean out your bank account

“Excuse me sir, can I ask you for a favor? I want to pay for parking my car in this spot, but there are no machines around that accept cash. If I give you five dollars in cash, can you pay the parking for me? All you need to do is scan this QR code with your banking app.” Of course, John felt the...

CVE-2019-12821

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...

Code injection

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...

FaceSentry Access Control System 6.4.8 - Remote Command Injection Vulnerability

Exploit for hardware platform in category web applications FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build...

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568...

FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 buil...

FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting

FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a...

FaceSentry Access Control System 6.4.8 - Remote SSH Root

!/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorith...

FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery

FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a...

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

FaceSentry Access Control System 6.4.8 - Remote Root Exploit !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 5...