613 matches found
VAST - Visibility Across Space And Time
The network telemetry engine for data-driven security investigations. Chat with us on Gitter, or join us on Matrix at tenzirvast:gitter.im. Key Features: High-Throughput Ingestion: import numerou...
vtiger crm SQL injection vulnerability
Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. The management system provides functions such as managing, collecting, and analyzing customer information. A security vulnerability exists in vtiger crm 7.2 that originates from a...
CVE-2021-24146
CVE-2021-24146 affects WordPress Modern Events Calendar Lite (versions before 5.16.5). The flaw is lack of proper authorization checks that do not restrict access to exported event files, allowing unauthenticated users to retrieve all events data in CSV or XML formats. Affected plugin: Modern Eve...
PT-2021-15692 · WordPress · Modern Events Calendar Lite
Name of the Vulnerable Software and Affected Versions: Modern Events Calendar Lite WordPress plugin versions prior to 5.16.5 Description: The issue is related to a lack of authorization checks in the plugin, which did not properly restrict access to export files. This allowed unauthenticated user...
CVE-2021-21085
Adobe Connect version 11.0.7 and earlier is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine...
CVE-2021-21287
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or...
CVE-2020-26285
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an...
ig.com Cross Site Scripting vulnerability OBB-1735205
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Automattic: Reflected XSS in https://www.intensedebate.com/js/getCommentLink.php
Hey there, I have found a reflected dom xss vulnerability in your website www.intensedebate.com, the posttitle parameter is vulnerable. Full url:...
Code injection
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export...
CVE-2020-25824
Telegram Desktop up to version 2.4.3 is vulnerable: when a user opens the Export Telegram Data wizard, pressing the Export key on an unattended, distracted desktop allows an attacker to access all chat conversations and media files because no passcode is required. Affected product: Telegram Deskt...
mybroadband.co.za Improper Access Control vulnerability OBB-1380074
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
vmestestem.ru Cross Site Scripting vulnerability OBB-1349837
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Information Disclosure in extension "Localization Manager" (l10nmgr)
A missing access check allows an authenticated backend user to view and export data of translatable fields which are outside of the users access scope resulting in Information Disclosure...
CVE-2020-1182
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations on-premises version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated attacke...
kkb.co.jp Cross Site Scripting vulnerability OBB-1255442
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
heliotropo.nl Cross Site Scripting vulnerability OBB-1249318
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
robozavr.com Cross Site Scripting vulnerability OBB-1246783
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
istockphoto.com Cross Site Scripting vulnerability OBB-1244419
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
dingjiatruckparts.com Cross Site Scripting vulnerability OBB-1237436
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...