67 matches found
CVE-2024-8037
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJUCONTEXTID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a...
BookStack Incorrect Access Control vulnerability
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...
CVE-2024-32370
An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component...
PHPJabbers Cinema Booking System 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Cinema Booking System v1.0 - Reflected Cross-Site Scripting Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cinema-booking-system/sectionDemo Version: v1.0...
PHPJabbers Cleaning Business Software 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Cleaning Business Software v1.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Version: v1.0...
PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Shared Asset Booking System v1.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shared-asset-booking-system/sectionDemo Version: v1....
PT-2023-23284 · Unknown · Sesami Cash Point & Transport Optimizer
Name of the Vulnerable Software and Affected Versions: Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 Description: The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. This is a Cross Site...
South River Technologies TitanFTP NextGen Security Vulnerability
South River Technologies TitanFTP NextGen South River Technologies Titan FTP NextGen is a natively supported cluster for high availability and failover SFTP/ FTP server. A security vulnerability exists in South River Technologies TitanFTP NextGen versions prior to 2.0.18, which stems from a defau...
Path traversal
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
Apache RocketMQ Command Execution Vulnerability
Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...
CVE-2023-26427
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known...
CVE-2023-33246
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...
Design/Logic Flaw
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...
CVE-2023-33246
CVE-2023-33246 affects Apache RocketMQ 5.1.0 and earlier. The vulnerability arises from leakage of NameServer, Broker, and Controller on the extranet with insufficient permission verification, allowing an attacker to trigger remote code execution by using the update configuration function or by f...
Using memory instead of storage in 'redeemPositions' will result in incorrect LP Balance
Lines of code Vulnerability details Impact This bug could lead to a situation where a user can 'redeem' their positions without the associated liquidity positions LPs being properly reset. This could result in the user being able to artificially inflate their LP balance, which could lead to...
Zoom Rooms 安全漏洞
Zoom Rooms is a software-based conferencing system from Zoom USA. A system that allows web conferencing on fixed endpoints, similar to traditional video conferencing systems. A security vulnerability exists in Zoom Rooms Installer for Windows versions prior to 5.12.6. An attacker can exploit the...
Design/Logic Flaw
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...
thuvienbatdongsan.vn Cross Site Scripting vulnerability OBB-2706067
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
armbrust-homestaging.de Cross Site Scripting vulnerability OBB-2528426
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
oai.normannia.info Cross Site Scripting vulnerability OBB-2501840
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...