867 matches found
linda-nier.de Cross Site Scripting vulnerability OBB-2729496
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-2078
creationtimestamp| type| source
---|---|---
2022-06-30 16:38:33+00:00| seen| https://t.me/cibsecurity/45404
2022-09-14 22:31:39+00:00| seen| https://t.me/cibsecurity/49788
2022-09-14 22:42:39+00:00| seen| https://t.me/VulnerabilityNews/29938
2022-11-09 14:32:08+00:00| published-proof-of-concept| ...
CVE-2022-20828
creationtimestamp| type| source
---|---|---
2022-06-24 20:31:16+00:00| seen| https://t.me/cibsecurity/45112
2022-09-02 17:35:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ciscoasaxsfrrce.rb
2022-09-04 05:06:05+00:00| seen| ...
ctkdemo.com Cross Site Scripting vulnerability OBB-2668667
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-31847
creationtimestamp| type| source
---|---|---
2022-06-14 18:23:59+00:00| seen| https://t.me/cibsecurity/44409
2024-11-12 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-11-12
2024-12-12 00:00:00+00:00| exploited| The Shadowserver...
Vulners Linux Audit API: Security Bulletin Publication Dates in Results
Hello everyone! In this short episode, I want to talk about the new feature in Vulners Linux API. Alternative video link for Russia: Linux security bulletin publication dates are now included in scan results. Why is it useful? A few words why this Linux Audit API is needed. You collect a list of...
CVE-2022-29885
creationtimestamp| type| source
---|---|---
2022-06-05 13:17:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6139
2022-06-30 21:34:58+00:00| published-proof-of-concept| Telegram/-h5elRfZctG-aUd3dw0eY53VHCzOGJCXi3zvJY7v4zbQw
2022-07-01 09:07:26+00:00| ...
CVE-2022-20210
creationtimestamp| type| source
---|---|---
2022-06-02 16:11:50+00:00| seen| https://t.me/itsecnews/757
2022-06-03 12:07:29+00:00| seen| https://t.me/codebysec/6010
2022-06-03 13:45:04+00:00| seen| https://t.me/truesecator/3017
2022-06-07 07:00:55+00:00| seen| https://t.me/poxek/1706
2022-06-08...
GHSA-2PP9-R4RV-6P6J Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
An exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade...
CVE-2022-29383
creationtimestamp| type| source
---|---|---
2022-05-13 16:27:50+00:00| seen| https://t.me/cibsecurity/42637
2022-05-15 19:21:39+00:00| published-proof-of-concept| https://t.me/cKure/9528
2022-07-04 20:35:52+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6007
2025-01-26...
Moodle External function mod_assign_save_submission does not check due dates
The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service...
GHSA-CW72-69WQ-F9F2 Moodle External function mod_assign_save_submission does not check due dates
The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service...
CVE-2022-29846
creationtimestamp| type| source
---|---|---
2022-05-11 22:40:48+00:00| seen| https://t.me/cibsecurity/42441
2023-03-17 21:59:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/credentials/whatsupgoldcredentialdump.rb
2025-02-06 03:13:45+00:00| ...
CVE-2022-24816
creationtimestamp| type| source
---|---|---
2022-04-14 00:18:15+00:00| seen| https://t.me/cibsecurity/40743
2024-06-26 18:10:02+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
2024-11-08 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-11-08
2024-11-13...
CVE-2022-22954
creationtimestamp| type| source
---|---|---
2022-04-07 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=775
2022-04-07 07:51:03+00:00| seen| https://t.me/thehackernews/2058
2022-04-07 15:10:55+00:00| seen| https://t.me/ptswarm/119
2022-04-11 10:48:25+00:00| ...
CVE-2022-0760
creationtimestamp| type| source
---|---|---
2022-03-21 21:26:39+00:00| seen| https://t.me/cibsecurity/39334
2024-12-24 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-12-24
2025-01-17 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-17...
CVE-2022-0715
creationtimestamp| type| source
---|---|---
2022-03-09 10:42:42+00:00| published-proof-of-concept| https://t.me/habrcomnews/3948
2022-03-09 15:30:00+00:00| seen| https://t.me/truesecator/2711
2022-03-09 22:15:14+00:00| seen| https://t.me/cibsecurity/38624
2022-03-10 17:35:45+00:00| exploited| ...
Loki RAT (Relapse) SQL Injection Vulnerability
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt
Media: twitter.com/malvuln
Threat: Loki RAT Relapse
Vulnerability: SQL Injection
Description: The LokiRAT WebUI panel for LokiRATRelapse.e...
OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
dates-md.de Cross Site Scripting vulnerability OBB-2337745
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...