25 matches found

Openbugbounty
added 2023/12/29 12:1 p.m. · 5 views

friendsofcheese.com Cross Site Scripting vulnerability OBB-3825527

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0

NVD
added 2023/12/15 8:15 a.m. · 10 views

CVE-2023-48375

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege...

8.8 CVSS · 0.00152 EPSS
Exploits 0 · References 1

OSV
added 2023/12/15 8:15 a.m. · 3 views

CVE-2023-48376

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...

9.8 CVSS · 5.9 AI score · 0.00507 EPSS
Exploits 0 · References 1

NVD
added 2023/12/15 8:15 a.m. · 11 views

CVE-2023-48376

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...

9.8 CVSS · 0.00507 EPSS
Exploits 0 · References 1

OSV
added 2023/12/15 8:15 a.m. · 1 view

CVE-2023-48374

SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...

6.5 CVSS · 5.8 AI score · 0.00194 EPSS
Exploits 0 · References 1

NVD
added 2023/12/15 8:15 a.m. · 15 views

CVE-2023-48374

SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...

6.5 CVSS · 0.00194 EPSS
Exploits 0 · References 1

Prion
added 2023/12/15 8:15 a.m. · 10 views

Authorization

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege...

6.5 CVSS · 7.3 AI score · 0.00152 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/12/15 7:52 a.m. · 26 views

CVE-2023-48376

CVE-2023-48376 affects SmartStar Software CWS (a web-based integration platform). The flaw lies in the file upload function, which does not restrict dangerous file types, enabling an unauthenticated remote attacker to upload arbitrary files to execute commands or disrupt service. The CVSS vector ...

9.8 CVSS · 9.8 AI score · 0.00507 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/15 7:52 a.m. · 14 views

CVE-2023-48376 SmartStar Software CWS Web-Base - Arbitrary File Upload

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...

9.8 CVSS · 9.9 AI score · 0.00507 EPSS
Exploits 0 · References 1

Cvelist
added 2023/12/15 7:46 a.m. · 15 views

CVE-2023-48375 SmartStar Software CWS Web-Base - Broken Access Control

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege...

8.8 CVSS · 8.9 AI score · 0.00152 EPSS
Exploits 0 · References 1

CVE
added 2023/12/15 7:46 a.m. · 29 views

CVE-2023-48375

CVE-2023-48375 concerns SmartStar Software CWS, a web-based integration platform. The entry describes a broken access control issue: an authenticated user with normal privileges can obtain administrator privileges and perform arbitrary system operations or disrupt services. Affected component is ...

8.8 CVSS · 8.8 AI score · 0.00152 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/12/15 7:39 a.m. · 23 views

CVE-2023-48374

The CVE-2023-48374 entry pertains to SmartStar Software CWS, a web-based integration platform. The vulnerability is described as using a hard-coded credential for a specific low-privilege account, enabling an unauthenticated remote attacker to run partial processes and view partial information. T...

6.5 CVSS · 6.5 AI score · 0.00194 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/15 7:39 a.m. · 16 views

CVE-2023-48374 SmartStar Software CWS Web-Base - Use of Hard-coded Credentials

SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...

6.5 CVSS · 6.7 AI score · 0.00194 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/12/15 12:0 a.m. · 3 views

PT-2023-30801 · Unknown · Smartstar Software Cws

Name of the Vulnerable Software and Affected Versions: SmartStar Software CWS affected versions not specified Description: The issue is related to the use of a hard-coded account with low privilege in SmartStar Software CWS, a web-based integration platform. An unauthenticated remote attacker can...

6.5 CVSS · 6.3 AI score · 0.00194 EPSS
Exploits 0 · References 5

CNNVD
added 2023/12/15 12:0 a.m. · 2 views

SmartStar Software CWS Trust Management Issue Vulnerability

SmartStar Software CWS is a Web-based integration platform from China-based SmartStar Software. A trust management issue exists in SmartStar Software CWS v10.25. The vulnerability stems from a low-privileged specific account using a fixed key for authentication purposes, which can be exploited by...

6.5 CVSS · 7 AI score · 0.00194 EPSS
Exploits 0 · References 3

CNNVD
added 2023/12/15 12:0 a.m. · 2 views

SmartStar Software CWS Security Vulnerability

SmartStar Software CWS is a Web-based integration platform from China-based SmartStar Software. A security vulnerability exists in SmartStar Software CWS version v10.25, which stems from a lack of authorization checking in the system, allowing users to access data or perform operations that they...

8.8 CVSS · 7.1 AI score · 0.00152 EPSS
Exploits 0 · References 2

CNNVD
added 2023/12/15 12:0 a.m. · 1 view

SmartStar Software CWS Code Issue Vulnerability

SmartStar Software CWS is a Web-based integration platform from China-based SmartStar Software. A code issue vulnerability exists in SmartStar Software CWS v10.25, which stems from the file upload feature not restricting the upload of dangerous types of files, which can be exploited by remote...

9.8 CVSS · 7.9 AI score · 0.00507 EPSS
Exploits 0 · References 3

Openbugbounty
added 2022/01/01 10:26 a.m. · 15 views

paymentor.nl Cross Site Scripting vulnerability OBB-2319053

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0

Talos Blog
added 2019/01/10 7:56 a.m. · 54 views

Pylocky Unlocked: Cisco Talos releases PyLocky ransomware decryptor

This tool was developed by Mike Bautista. PyLocky is a family of ransomware written in Python that attempts to masquerade as a Locky variant. This ransomware will encrypt all files on a victim machine before demanding that the user pay a ransom to gain access to their decrypted files. To combat...

0.8 AI score
Exploits 0

Prion
added 2018/07/09 6:29 a.m. · 9 views

Integer overflow

The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...

5 CVSS · 7.7 AI score · 0.00237 EPSS
Exploits 1 · References 2