Lucene search
K

246 matches found

Github Security Blog
Github Security Blog
added 2022/05/13 1:43 a.m.17 views

Bazaar allows remote attackers to execute arbitrary commands via a bzr+ssh URL with initial dash character in hostname

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...

9.3CVSS7.1AI score0.05978EPSS
Exploits0References10Affected Software1
CNVD
CNVD
added 2022/03/23 12:0 a.m.23 views

Digital Bazaar Forge Data Forgery Issue Vulnerability

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. digitalbazaar Forge versions prior to 1.3.0 are vulnerable to a data forgery issue that originates from RSA PK...

7.5CVSS2.6AI score0.01015EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/23 12:0 a.m.48 views

Digital Bazaar Forge Data Forgery Issue Vulnerability (CNVD-2022-22656)

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...

5.3CVSS1.7AI score0.00875EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/18 12:0 a.m.4 views

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of Digital Bazaar's Tls in Javascript and an open source tool for writing cryptographic and web-intensive web applications. Prior to Digital Bazaar Forge version 1.3.0, a data forgery vulnerability exists in RSA PKCS, which stems from the loose...

7.5CVSS7AI score0.00717EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/03/18 12:0 a.m.6 views

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. digitalbazaar Forge versions prior to 1.3.0 are vulnerable to a data forgery issue that originates from RSA PK...

7.5CVSS5.7AI score0.01015EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/03/18 12:0 a.m.25 views

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...

5.3CVSS5.8AI score0.00875EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2018-0320)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.03773EPSS
Exploits2References14
CNNVD
CNNVD
added 2022/01/06 12:0 a.m.5 views

Digital Bazaar Forge 输入验证错误漏洞

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and web-intensive web applications from Digital Bazaar, Inc. An input validation error vulnerability exists in Digital Bazaar Forge, which stems from the product allowing URL...

6.1CVSS6.3AI score0.00832EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2021/12/20 12:0 a.m.246 views

Bazaar Web PHP Social Listings Shell Upload

-- Exploit Title: Bazaar Web PHP Social Listings Arbitrary File Upload Google Dork: N/A Date: 19/12/2021 Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/bazaar-social-listing-shopping-web-php-template/23207913 Software Demo...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/12/20 12:0 a.m.303 views

Bazaar Web PHP Social Listings Shell Upload Vulnerability

-- Exploit Title: Bazaar Web PHP Social Listings Arbitrary File Upload Exploit Author: Sohel Yousef - email protected Software Link: https://codecanyon.net/item/bazaar-social-listing-shopping-web-php-template/23207913 Software Demo :https://xserver.app/apps/bazaar-web/index.php Category: webapps ...

7.4AI score
Exploits0
Huntr
Huntr
added 2021/09/04 11:14 a.m.28 views

Open Redirect in digitalbazaar/forge

✍️ Description parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while node-forge sees it as a relative path and leads to URL...

5.8CVSS0.3AI score0.00832EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/04/30 12:0 a.m.51 views

EulerOS 2.0 SP3 : wireshark (EulerOS-SA-2021-1859)

According to the versions of the wireshark packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by...

7.8CVSS6.9AI score0.05803EPSS
Exploits8References14
OpenVAS
OpenVAS
added 2021/02/22 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for bzr (EulerOS-SA-2021-1283)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS8.5AI score0.05978EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2020/12/23 7:49 a.m.46 views

Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace

The US Federal Bureau of Investigation FBI and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week ...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.40 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : wireshark Multiple Vulnerabilities (NS-SA-2020-0097)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has wireshark packages installed that are affected by multiple vulnerabilities: - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by...

7.8CVSS6.8AI score0.03773EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.26 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : wireshark Multiple Vulnerabilities (NS-SA-2020-0064)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has wireshark packages installed that are affected by multiple vulnerabilities: - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by...

7.8CVSS6.8AI score0.03773EPSS
Exploits3References8
Veracode
Veracode
added 2020/12/06 3:43 a.m.43 views

Arbitrary Code Execution

Bazaar is vulnerable to Arbitrary Code Execution. An attacker is able to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname...

8.8CVSS4AI score0.05978EPSS
Exploits0References8Affected Software1
Openbugbounty
Openbugbounty
added 2020/10/29 4:3 p.m.9 views

kudumbashreebazaar.com Cross Site Scripting vulnerability OBB-1463045

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2020/09/22 4:57 p.m.18 views

179 Arrested in Massive Global Dark Web Takedown

Operation Disruptor is an unprecedented international law enforcement effort, stemming from last year’s seizure of a popular underground bazaar called Wall Street Market...

2.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/09/03 7:55 a.m.9 views

bazaar-magazine.com Cross Site Scripting vulnerability OBB-1297666

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Rows per page
Query Builder