419 matches found

FreeBSD
added 2021/04/20 12:0 a.m., 111 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 49 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabiliti...

CVSS: 7.5, AI score: 1.9, EPSS: 0.58883
Exploits: 6, References: 2

Openbugbounty
added 2020/09/09 7:53 a.m., 9 views

cis355.duraken.com Cross Site Scripting vulnerability OBB-1317265

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score: 6.2
Exploits: 0

Kaspersky
added 2020/09/02 12:0 a.m., 40 views

KLA12057 Multiple vulnerabilities in Cisco Jabber

Multiple vulnerabilities were found in Cisco Jabber. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. OSI vulnerability in Cisco Jabber can be exploited remotely via specially crafted message t...

CVSS: 9.9, AI score: 8.3, EPSS: 0.05306
Exploits: 0, References: 7

Openbugbounty
added 2020/08/02 10:23 a.m., 8 views

blockfintoday.com Cross Site Scripting vulnerability OBB-1247727

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score: 6.2
Exploits: 0

Openbugbounty
added 2020/07/20 6:23 a.m., 5 views

molinek.cz Cross Site Scripting vulnerability OBB-1232150

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score: 6.2
Exploits: 0

0day.today
added 2020/07/04 12:0 a.m., 300 views

Froala WYSIWYG HTML Editor 3.1.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Product: Froala WYSIWYG HTML Editor Vendor: Froala CSNC ID: CSNC-2020-004 CVE ID: CVE-2019-19935 Subject: DOM XSS in Froala WYSIWYG HTML Editor Severity: Medium Effect: Remotely exploitable Author: Emanuel Duss Date: 2020-07-01 Introduction...

CVSS: 4.3, AI score: 6.4, EPSS: 0.02161
Exploits: 3

Prion
added 2020/06/30 12:15 p.m., 16 views

Design/Logic Flaw

CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...

CVSS: 4.3, AI score: 4.7, EPSS: 0.00085
Exploits: 0, References: 1, Affected Software: 1

Metasploit
added 2020/06/17 2:14 p.m., 49 views

AnyDesk GUI Format String Write

The AnyDesk GUI is vulnerable to a remotely exploitable format string vulnerability. By sending a specially crafted discovery packet, an attacker can corrupt the frontend process when it loads or refreshes. While the discovery service is always running, the GUI frontend must be started to trigger...

CVSS: 9.8, AI score: 7, EPSS: 0.88826
Exploits: 8

IBM Security Bulletins
added 2020/05/06 12:2 p.m., 27 views

Security Bulletin: Vulnerability in Curl used in OS image for RedHat Enterprise Linux for Cloud Pak System (CVE-2018-16842)

Summary Vulnerability in Curl used in OS image for RedHat Enterprise Linux in Cloud Pak System. OS image for RedHat Enterprise Linux has addressed vulnerability. Vulnerability Details CVEID: CVE-2018-16842 DESCRIPTION: cURL could allow a remote attacker to obtain sensitive information, caused by ...

CVSS: 9.1, EPSS: 0.00162
Exploits: 0, Affected Software: 1

Openbugbounty
added 2020/04/15 2:33 a.m., 7 views

deusto.es Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1142859 Security Researcher Teamhash Helped patch 326 vulnerabilities Received 3 Coordinated Disclosure badges Received 2 recommendations, a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting deusto.es website and its...

Exploits: 0

FreeBSD
added 2020/04/14 12:0 a.m., 61 views

MySQL Server -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. MariaDB reports 4 of these vulnerabilities exist i...

CVSS: 9.8, AI score: 2.6, EPSS: 0.09715
Exploits: 1, References: 1

ThreatPost
added 2020/04/13 8:29 p.m., 73 views

Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update

Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches. Business software giant Oracle Corp. revealed 286 of those vulnerabilities are remotely exploitable across nearly two dozen product lines. Impacted with multiple critical flaws, rated...

CVSS: 9.3, AI score: 0.7, EPSS: 0.06707
Exploits: 0, References: 4

Openbugbounty
added 2020/04/13 5:6 p.m., 7 views

rotfiat.com.ar Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1141428 Security Researcher g0bl1nsec Helped patch 3754 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations, a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting rotfiat.com.ar website an...

AI score: 0.2
Exploits: 0

RedhatCVE
added 2020/03/06 4:11 p.m., 15 views

CVE-2019-11027

Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...

CVSS: 10, AI score: 2.8, EPSS: 0.01731
Exploits: 0, References: 3

ThreatPost
added 2020/01/14 11:43 p.m., 190 views

Oracle Ties Previous All-Time Patch High with January Updates

Oracle has patched 334 vulnerabilities across all of its product families in its January 2020 quarterly Critical Patch Update CPU. Out of these, 43 are critical/severe flaws carrying CVSS scores of 9.1 and above. The CPU ties for Oracle’s previous all-time high for number of patches issued, in Ju...

CVSS: 7.5, EPSS: 0.94093
Exploits: 14, References: 9

exploitpack
added 2019/12/11 12:0 a.m., 47 views

Apache Olingo OData 4.0 - XML External Entity Injection

Apache Olingo OData 4.0 - XML External Entity Injection COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Apache Olingo OData 4.0 Vendor: Apache Foundation CSNC ID: CSNC-2009-025 CVE ID: CVE-2019-17554 Subject: XML External Entity Resolution XXE Risk: High...

CVSS: 4.3, AI score: 0.2, EPSS: 0.52533
Exploits: 5

Exploit DB
added 2019/12/11 12:0 a.m., 422 views

Apache Olingo OData 4.0 - XML External Entity Injection

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Apache Olingo OData 4.0 Vendor: Apache Foundation CSNC ID: CSNC-2009-025 CVE ID: CVE-2019-17554 Subject: XML External Entity Resolution XXE Risk: High Effect: Remotely exploitable Author: Archibald Haddock...

CVSS: 5.5, AI score: 5.8, EPSS: 0.52533
Exploits: 5

Openbugbounty
added 2019/09/21 12:58 a.m., 12 views

ky.thehealthjob.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-976971 Security Researcher 0xrocky Helped patch 1796 vulnerabilities Received 7 Coordinated Disclosure badges Received 5 recommendations, a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting ky.thehealthjob.com website...

AI score: 0.1
Exploits: 0

Kaspersky
added 2019/08/13 12:0 a.m., 28 views

KLA11532 A PE vulnerability in Microsoft Dynamics 365 On-Premise v9

An elevation of privilege vulnerability in Dynamics On-Premise can be exploited remotely via specially crafted XAML script to gain privileges. Original advisories CVE-2019-1229 Related products Microsoft-Dynamics-365 CVE list CVE-2019-1229 high KB list 4508724 Solution Install necessary updates...

CVSS: 8.8, AI score: 9, EPSS: 0.09431
Exploits: 0, References: 4

ICS
added 2019/06/13 12:0 a.m., 38 views

BD Alaris Gateway Workstation

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BD Becton, Dickinson and Company Equipment: Alaris Gateway Workstation Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Exploitation of...

CVSS: 5.3, AI score: 7.7, EPSS: 0.0015
Exploits: 0, References: 5