99 matches found
CVE-2023-25042
CVE-2023-25042 : Stored XSS in the oAuth Twitter Feed for Developers WordPress plugin (
CVE-2022-4554
B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347...
Cross site scripting
B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347...
CVE-2022-4554
The CVE-2022-4554 entry concerns the B2B Customer Ordering System developed by ID Software Project and Consultancy Services. Affected versions are prior to 1.0.0.347 and the vulnerability is an authenticated Reflected XSS vulnerability. The issue is resolved in version 1.0.0.347. Exploitation det...
cosmosconsultancy.com.au Cross Site Scripting vulnerability OBB-2830271
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ausphinconsultancy.com.au Cross Site Scripting vulnerability OBB-2827320
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-25619
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86...
Command injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86...
CVE-2022-25619
CVE-2022-25619 : Affected product is Profelis IT Consultancy SambaBox (x86) version 4.0 and earlier. The root cause is improper neutralization in the ping utility, enabling an AUTHENTICATED user to execute arbitrary code via a command injection. The vulnerability is documented across sources (NVD...
CVE-2022-25619 Authenticated Command Injection to RCE
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86...
CVE-2022-25620 Stored Cross-Site Scripting (XSS)
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 versio...
CVE-2022-25620
CVE-2022-25620 describes a stored XSS vulnerability in the Groups feature of Profelis IT Consultancy SambaBox, allowing an authenticated user to execute arbitrary code on the vulnerable server due to improper neutralization of script-related HTML tags. Affected: SambaBox 4.0 and earlier on x86. R...
Profelis IT Consultancy SambaBox 命令注入漏洞
Profelis IT Consultancy SambaBox is an enterprise directory solution from Profelis IT Consultancy. A security vulnerability exists in Profelis IT Consultancy SambaBox x86 4.0 and prior versions, which stems from the improper neutralization of a special element used in the command "command...
US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware
The U.S. Commerce Department on Wednesday added four companies, including Israel-based spyware companies NSO Group and Candiru, to a list of entities engaging in "malicious cyber activities." The agency said the two companies were added to the list based on evidence that "these entities developed...
Exploit Details Emerge for Unpatched Microsoft Bug
New details have emerged about an unpatched security vulnerability in Microsoft’s Internet Explorer that was recently used in a complex campaign against security researchers. A fresh analysis from 0patch offers further insight into where the bug exists and how it can be triggered in real-world...
consultancy.eu Cross Site Scripting vulnerability OBB-1398462
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Automate Compliance in the Well-Architected Framework
Explore how Edrans, a DevOps, IT, and software consultancy, is using Trend Micro Cloud One™ – Conformity to adhere to the Well-Architected Framework and boost customers’ security, performance, and compliance...
consultancy-me.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-952347 Security Researcher tbm Helped patch 2172 vulnerabilities Received 6 Coordinated Disclosure badges Received 6 recommendations , a holder of 6 badges for responsible and coordinated disclosure, found a security vulnerability affecting consultancy-me.com website and i...
consultancy.com.au Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-952348 Security Researcher tbm Helped patch 2172 vulnerabilities Received 6 Coordinated Disclosure badges Received 6 recommendations , a holder of 6 badges for responsible and coordinated disclosure, found a security vulnerability affecting consultancy.com.au website and i...
IT consultancy firm caught running ransomware decryption scam
By Waqas Ransomware has become a persistent threat to users globally but for cybercriminals, it is a lucrative business. Recently, IT security researchers at Check Point unearthed a sophisticated ransomware decryption scam in which a Russian IT consultant company has been caught scamming ransomwa...