246 matches found
Bazaar allows remote attackers to execute arbitrary commands via a bzr+ssh URL with initial dash character in hostname
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...
Digital Bazaar Forge Data Forgery Issue Vulnerability
Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. digitalbazaar Forge versions prior to 1.3.0 are vulnerable to a data forgery issue that originates from RSA PK...
Digital Bazaar Forge Data Forgery Issue Vulnerability (CNVD-2022-22656)
Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...
Digital Bazaar Forge 数据伪造问题漏洞
Digital Bazaar Forge is a native implementation of Digital Bazaar's Tls in Javascript and an open source tool for writing cryptographic and web-intensive web applications. Prior to Digital Bazaar Forge version 1.3.0, a data forgery vulnerability exists in RSA PKCS, which stems from the loose...
Digital Bazaar Forge 数据伪造问题漏洞
Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. digitalbazaar Forge versions prior to 1.3.0 are vulnerable to a data forgery issue that originates from RSA PK...
Digital Bazaar Forge 数据伪造问题漏洞
Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...
Mageia: Security Advisory (MGASA-2018-0320)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Digital Bazaar Forge 输入验证错误漏洞
Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and web-intensive web applications from Digital Bazaar, Inc. An input validation error vulnerability exists in Digital Bazaar Forge, which stems from the product allowing URL...
Bazaar Web PHP Social Listings Shell Upload
-- Exploit Title: Bazaar Web PHP Social Listings Arbitrary File Upload Google Dork: N/A Date: 19/12/2021 Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/bazaar-social-listing-shopping-web-php-template/23207913 Software Demo...
Bazaar Web PHP Social Listings Shell Upload Vulnerability
-- Exploit Title: Bazaar Web PHP Social Listings Arbitrary File Upload Exploit Author: Sohel Yousef - email protected Software Link: https://codecanyon.net/item/bazaar-social-listing-shopping-web-php-template/23207913 Software Demo :https://xserver.app/apps/bazaar-web/index.php Category: webapps ...
Open Redirect in digitalbazaar/forge
✍️ Description parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while node-forge sees it as a relative path and leads to URL...
EulerOS 2.0 SP3 : wireshark (EulerOS-SA-2021-1859)
According to the versions of the wireshark packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by...
Huawei EulerOS: Security Advisory for bzr (EulerOS-SA-2021-1283)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace
The US Federal Bureau of Investigation FBI and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week ...
NewStart CGSL CORE 5.05 / MAIN 5.05 : wireshark Multiple Vulnerabilities (NS-SA-2020-0097)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has wireshark packages installed that are affected by multiple vulnerabilities: - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by...
NewStart CGSL CORE 5.04 / MAIN 5.04 : wireshark Multiple Vulnerabilities (NS-SA-2020-0064)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has wireshark packages installed that are affected by multiple vulnerabilities: - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by...
Arbitrary Code Execution
Bazaar is vulnerable to Arbitrary Code Execution. An attacker is able to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname...
kudumbashreebazaar.com Cross Site Scripting vulnerability OBB-1463045
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
179 Arrested in Massive Global Dark Web Takedown
Operation Disruptor is an unprecedented international law enforcement effort, stemming from last year’s seizure of a popular underground bazaar called Wall Street Market...
bazaar-magazine.com Cross Site Scripting vulnerability OBB-1297666
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...