
2758 matches found

Openbugbounty
added 2023/06/26 8:49 a.m. · 12 views

opie-benthos.fr Cross Site Scripting vulnerability OBB-3471117

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

Github Security Blog
added 2023/06/15 7:5 p.m. · 16 views

fast-xml-parser regex vulnerability patch could be improved from a safety perspective

Summary This is a comment on https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw and the patches fixing it. Details The code which validates a name calls the validator:...

AI score: 7
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2023/06/14 4:58 p.m. · 8 views

CVE-2023-34095 cpdb-libs vulnerable to buffer overflows via scanf

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of scanf(3). cpdb-libs uses the fscanf and scanf functions to parse command lines and configuration...

CVSS: 9.8 · AI score: 9.4 · EPSS: 0.01539
Exploits: 1 · References: 6

Openbugbounty
added 2023/06/13 10:27 a.m. · 22 views

forschung.medunigraz.at Cross Site Scripting vulnerability OBB-3423625

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

Openbugbounty
added 2023/06/11 3:17 p.m. · 8 views

kuwaitpr.com Cross Site Scripting vulnerability OBB-3413434

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

Prion
added 2023/06/08 10:15 p.m. · 17 views

Code injection

TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct respon...

CVSS: 5 · AI score: 5.2 · EPSS: 0.0046
Exploits: 0 · References: 2 · Affected Software: 1

Ivanti
added 2023/06/07 7:55 p.m. · 12 views

SA-2023-06-06-CVE-2023-28324

SECURITY ADVISORY 06-06-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for Ivanti Endpoint Manager for all versions of 2022 SU2 and below. Please patch to the latest version of EPM 2022. If you are using 2021.1, please patch to SU4 and apply the hotfix as...

CVSS: 9.8 · AI score: 7.9 · EPSS: 0.11766
Exploits: 5

Malwarebytes
added 2023/06/05 5:0 p.m. · 19 views

Play ransomware gang compromises Spanish bank, threatens to leak files

Ransomware is creating additional work for a major Spanish bank. Globalcaja, said to have more than 300 offices in Spain and close to half a million customers, has fallen victim to the Play ransomware gang. The gang claim to have swiped both private and personal information in the attack--includi...

AI score: 6.7
Exploits: 0

OSV
added 2023/05/30 5:15 a.m. · 3 views

DEBIAN-CVE-2023-32685

Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the contentEditable element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document...

CVSS: 5.4 · AI score: 5.5 · EPSS: 0.00513
Exploits: 0 · References: 1

CBLMariner
added 2023/05/25 9:38 a.m. · 19 views

CVE-2023-1668 affecting package openvswitch for versions less than 2.17.5-2

CVE-2023-1668 affecting package openvswitch for versions less than 2.17.5-2. A patched version of the package is available...

CVSS: 8.2 · AI score: 8.3 · EPSS: 0.01216
Exploits: 0

Malwarebytes
added 2023/05/24 2:45 p.m. · 26 views

Rheinmetall attacked by BlackBasta ransomware

On Friday May 19, 2023, the German arms producer Rheinmetall acknowledged a cyber-incident at one of its subsidiaries in the private sector. The BlackBasta ransomware group has already claimed responsibility for the attack through its leak-site. Entry for Rheinmetall on BlackBasta leak site...

AI score: 7
Exploits: 0

Malwarebytes
added 2023/05/23 4:30 p.m. · 17 views

Employee guilty of joining ransomware attack on his own company

A 28-year-old IT Security Analyst pleaded guilty and will consequently be convicted of blackmail and unauthorized access to a computer with intent to commit other offences. It all started when the UK gene and cell therapy company Oxford BioMedica fell victim to a cybersecurity incident which...

AI score: 7
Exploits: 0

Virtuozzo
added 2023/05/23 12:0 a.m. · 63 views

[Important] [Security] Virtuozzo ReadyKernel Patch 156.4 for Virtuozzo Hybrid Server 7.5

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5. Vulnerability id: CVE-2022-24448 3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4 Handle case where the lookup of a directory but the file...

CVSS: 7.8 · AI score: 6.9 · EPSS: 0.01027
Exploits: 1 · References: 3

Patchstack
added 2023/05/22 12:0 a.m. · 7 views

WordPress Unite Gallery Lite Plugin <= 1.7.59 is vulnerable to Local File Inclusion

Software Unite Gallery Lite Type Plugin Vulnerable versions <= 1.7.59 Fixed in 1.7.60 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-33310 Patch priority Low CVSS severity Low 6 Developer Claim ownership PSID 48cbd93fa977 Credits yuyudhn Required privilege Administrato...

CVSS: 6 · AI score: 6.9 · EPSS: 0.0068
Exploits: 0 · References: 1 · Affected Software: 1

Openbugbounty
added 2023/05/18 5:57 a.m. · 10 views

nagoya-itkaikei.ac.jp Cross Site Scripting vulnerability OBB-3351462

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

Openbugbounty
added 2023/05/17 5:56 p.m. · 10 views

zoewebs.com Cross Site Scripting vulnerability OBB-3349252

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

Positive Technologies
added 2023/05/15 12:0 a.m. · 3 views

PT-2023-23581 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.4 Description: The XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4, it is possible to exploit well-known parameters i...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.5507
Exploits: 0 · References: 11

Tenable Nessus
added 2023/05/15 12:0 a.m. · 22 views

Oracle Linux 9 : xorg-x11-server-Xwayland (ELSA-2023-2249)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2249 advisory. - Fix CVE-2023-0494 2166974 - Follow-up fix for CVE-2022-46340 2151778 - CVE fix for: CVE-2022-4283 2151803, CVE-2022-46340 2151778, CVE-2022-46341...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.02685
Exploits: 0 · References: 10

Openbugbounty
added 2023/05/14 11:59 p.m. · 11 views

typelane.com Cross Site Scripting vulnerability OBB-3335515

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

Openbugbounty
added 2023/05/11 5:35 p.m. · 10 views

localsolidaritydays.eu Cross Site Scripting vulnerability OBB-3322232

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0