15 matches found
tenderer.ru Cross Site Scripting vulnerability OBB-1385345
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
ceicdata.com Cross Site Scripting vulnerability OBB-1192927
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
one2web.co.uk Open Redirect vulnerability
Open Bug Bounty ID: OBB-1145777. Security Researcher myNickName (helped patch 200 vulnerabilities; received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting one2web.co.uk website and its users. Following...
smart-office.nl Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1081304. Security Researcher securaji (helped patch 77 vulnerabilities; received 3 Coordinated Disclosure badges; received 4 recommendations), a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting smart-office.nl website and...
[SECURITY] [DLA 975-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb7u15 CVE ID : CVE-2017-8295 CVE-2017-9061 CVE-2017-9062 CVE-2017-9063 CVE-2017-9064 CVE-2017-9065 Debian Bug : 862053 862816 Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project...
[SECURITY] [DSA 3870-1] wordpress security update
Debian Security Advisory DSA-3870-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 01, 2017 https://www.debian.org/security/faq ...
Debian DSA-3870-1 : wordpress - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and...
WordPress Password Reset CVE-2017-8295 Security Bypass Vulnerability - Linux
WordPress is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...
WordPress Password Reset CVE-2017-8295 Security Bypass Vulnerability - Windows
WordPress is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...
WordPress Unauthorized Password Reset (CVE-2017-8295)
An unauthorized password reset vulnerability exists in WordPress core. The vulnerability is due to WordPress using untrusted data when creating a password reset e-mail. Successful exploitation of this vulnerability could allow a remote attacker to reset user's password and gain unauthorized acces...
CVE-2017-8295
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to...
CVE-2017-8295
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to...
CVE-2017-8295
WordPress before version 4.7.5 is affected by CVE-2017-8295, where password resets can be triggered via the password-reset email process by using the Host HTTP header. The root cause is the use of the SERVER_NAME/host-derived value in wp-includes/pluggable.php with the PHP mail function, allowing...
Unpatched WordPress Password Reset Vulnerability Lingers
A zero-day vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user’s password and gain access to their account. Researcher Dawid Golunski of Legal Hackers disclosed the vulnerability on Wednesday via his new ExploitBox service. All versions of...
CVE-2017-8295
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to...