139 matches found
Arbitrary Code Execution
thunderbird is vulnerable to arbitrary code execution. An integer overflow in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM allows an attacker to exploit the vulnerability to crash the application or potentially execute arbitrary code on the...
shelbycountybuilders.com Cross Site Scripting vulnerability OBB-1422619
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Xi'an XiMeiBo Intelligent Technology Co., Ltd. has SQL Injection Vulnerabilities in Multiple Website Building Systems
Ltd. is located in the beautiful scenery of the ancient city of Xi'an, Shaanxi Province, with a registered capital of 10 million yuan RMB, is a high-tech enterprise integrating development, manufacturing, sales and service. Xi'an Qingbo Intelligent Technology Co., Ltd. a number of station buildin...
charlestonbuilders.com Cross Site Scripting vulnerability OBB-1292337
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
[SECURITY] Fedora 32 Update: eclipse-gef-3.11.0-13.fc32
The Graphical Editing Framework GEF allows developers to create a rich graphical editor from an existing application model. GEF is completely application neutral and provides the groundwork to build almost any application, including but not limited to: activity diagrams, GUI builders, class diagr...
xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
darwinbuilders.com Cross Site Scripting vulnerability OBB-1238819
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
larson-builders.com Cross Site Scripting vulnerability OBB-1236956
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Bridging the gaps between Red and Blue teaming
Red Team, Blue Team, Purple Team, Black Team… Rainbow team? What are all of these things and what do they all mean? Is this a new case of a new found buzzword bingo or do they have a place and a purpose? The coloured teams are something that is thrown around a lot and while some of them are bette...
Information Builders WebFOCUS Business Intelligence Cross-Site Scripting Vulnerability
Information Builders WebFOCUS Business Intelligence BI is a suite of business intelligence and analytics platforms from Information Builders, Inc. in the United States. The platform provides data analysis tools, applications, reporting and document generation. A cross-site scripting vulnerability...
OurPHP Omnicom website builder system background exists arbitrary file deletion vulnerability
OurPHP Aopia website building system is a enterprise + e-commerce marketing website building system. OurPHP website builder system has an arbitrary file deletion vulnerability in the background, which can be exploited by attackers to delete any file under the server...
xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
XSS Vulnerability in Xi'an Gibbon Network Co.
Farming Builders is a new generation of SaaS cloud intelligent website building tools. Xi'an Gibbon Network Co., Ltd. station building system exists XSS vulnerability, attackers can use the vulnerability to insert malicious js code, to obtain user cookies and other information...
Design/Logic Flaw
In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...
Smart Trim - Moderately critical - Cross site scripting - SA-CONTRIB-2019-092
The Smart Trim module allows site builders additional control with text summary fields. The module doesn't sufficiently filter text when certain options are selected. This vulnerability is mitigated by the fact that an attacker must have a role with the ability to create content on the site when...
GHSA-4Q98-WR72-H35W Improper input validation in Apache Santuario XML Security for Java
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
DEBIAN-CVE-2019-12400
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...