15 matches found

Openbugbounty
added 2020/10/06 1:51 p.m., 12 views

tenderer.ru Cross Site Scripting vulnerability OBB-1385345

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score: 0.7
Exploits: 0

Openbugbounty
added 2020/06/11 3:30 p.m., 13 views

ceicdata.com Cross Site Scripting vulnerability OBB-1192927

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score: 6.3
Exploits: 0

Openbugbounty
added 2020/04/18 5:49 a.m., 11 views

one2web.co.uk Open Redirect vulnerability

Open Bug Bounty ID: OBB-1145777. Security Researcher myNickName (helped patch 200 vulnerabilities; received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting one2web.co.uk website and its users. Following...

AI score: 0.2
Exploits: 0

Openbugbounty
added 2020/02/01 1:4 a.m., 9 views

smart-office.nl Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1081304. Security Researcher securaji (helped patch 77 vulnerabilities; received 3 Coordinated Disclosure badges; received 4 recommendations), a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting smart-office.nl website and...

AI score: 0.2
Exploits: 0

Debian
added 2017/06/02 12:47 p.m., 39 views

[SECURITY] [DLA 975-1] wordpress security update

Package: wordpress; Version: 3.6.1+dfsg-1deb7u15; CVE ID: CVE-2017-8295 CVE-2017-9061 CVE-2017-9062 CVE-2017-9063 CVE-2017-9064 CVE-2017-9065; Debian Bug: 862053 862816. Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project...

CVSS: 8.8, AI score: 9, EPSS: 0.26699
Exploits: 7

Debian
added 2017/06/01 5:31 a.m., 35 views

[SECURITY] [DSA 3870-1] wordpress security update

Debian Security Advisory DSA-3870-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 01, 2017 https://www.debian.org/security/faq -...

CVSS: 8.8, AI score: 8.6, EPSS: 0.26699
Exploits: 7

Tenable Nessus
added 2017/06/01 12:0 a.m., 56 views

Debian DSA-3870-1 : wordpress - security update

Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and...

CVSS: 8.8, AI score: 6.9, EPSS: 0.26699
Exploits: 7, References: 10

OpenVAS
added 2017/05/08 12:0 a.m., 125 views

WordPress Password Reset CVE-2017-8295 Security Bypass Vulnerability - Linux

WordPress is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wordpress:wordpress";...

CVSS: 5.9, AI score: 6.2, EPSS: 0.26699
Exploits: 7, References: 4

OpenVAS
added 2017/05/08 12:0 a.m., 239 views

WordPress Password Reset CVE-2017-8295 Security Bypass Vulnerability - Windows

WordPress is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wordpress:wordpress";...

CVSS: 5.9, AI score: 6.2, EPSS: 0.26699
Exploits: 7, References: 4

Check Point Advisories
added 2017/05/07 12:0 a.m., 15 views

WordPress Unauthorized Password Reset (CVE-2017-8295)

An unauthorized password reset vulnerability exists in WordPress core. The vulnerability is due to WordPress using untrusted data when creating a password reset e-mail. Successful exploitation of this vulnerability could allow a remote attacker to reset user's password and gain unauthorized acces...

CVSS: 4.3, AI score: 3.2, EPSS: 0.26699
Exploits: 7

UbuntuCve
added 2017/05/04 2:29 p.m., 58 views

CVE-2017-8295

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to...

CVSS: 5.9, AI score: 6.5, EPSS: 0.26699
Exploits: 7, References: 3

Cvelist
added 2017/05/04 2:0 p.m., 38 views

CVE-2017-8295

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to...

AI score: 7.1, EPSS: 0.26699
Exploits: 7, References: 6

CVE
added 2017/05/04 2:0 p.m., 335 views

CVE-2017-8295

WordPress before version 4.7.5 is affected by CVE-2017-8295, where password resets can be triggered via the password-reset email process by using the Host HTTP header. The root cause is the use of the SERVER_NAME/host-derived value in wp-includes/pluggable.php with the PHP mail function, allowing...

CVSS: 5.9, AI score: 5.9, EPSS: 0.26699
In wild, Exploits: 7, References: 6, Affected Software: 1

ThreatPost
added 2017/05/04 12:46 p.m., 42 views

Unpatched WordPress Password Reset Vulnerability Lingers

A zero-day vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user’s password and gain access to their account. Researcher Dawid Golunski of Legal Hackers disclosed the vulnerability on Wednesday via his new ExploitBox service. All versions of...

CVSS: 4.3, AI score: 7, EPSS: 0.26699
Exploits: 7, References: 11

ATTACKERKB
added 2017/05/04 12:0 a.m., 330 views

CVE-2017-8295

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to...

CVSS: 5.9, AI score: 6, EPSS: 0.26699
In wild, Exploits: 7, References: 7