113 matches found
DEBIAN-CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
UBUNTU-CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
walkerbooks.com.au Cross Site Scripting vulnerability OBB-2922918
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GSD-2022-1001603 mm/kmemleak: reset tag when compare object pointer
mm/kmemleak: reset tag when compare object pointer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
rubygem-actionpack: possible strong parameters bypass
A flaw was found in rubygem-actionpack. Untrusted hashes of data is possible for values of each, eachvalue, and eachpair which can lead to cases of user supplied information being leaked from Strong Parameters. Applications that use these hashes may inadvertently use untrusted user input. The...
zuerioberland-tourismus.ch XSS vulnerability
Open Bug Bounty ID: OBB-603483 Description| Value ---|--- Affected Website:| zuerioberland-tourismus.ch Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
LeakVM - Research & Pentesting Framework For Android, Run Security Tests Instantly
LeakVM: Run security tests instantly. Why LeakVM : LeakVM fast security test on Android, by skipping the time-consuming build pen-testing laboratories, you can test on real devices or virtual devices. LeakVM makes researchers and pen-testers more productive since they can run the test on real tim...
tr.wikiloc.com XSS vulnerability
Open Bug Bounty ID: OBB-533694 Description| Value ---|--- Affected Website:| tr.wikiloc.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Ruby on Rails: ActionController::Parameters .each returns an unsafe hash
Rails 5.1.4 The goal of ActionController::Parameters's permit method strong parameters is to prevent accidental trust in the parameters sent by the client. We can therefore not simply create a hash of all the parameters in the params without permitting them first. When we really want to do this...
Cross-site Scripting (XSS)
riotjs is vulnerable to cross-site scripting XSS attacks. This is because of how each is evaluated. It copies the expressions evaluated to the child tags and if this information is controlled by a user, it can execute JavaScript...
dance.nyc XSS vulnerability
Vulnerable URL: https://www.dance.nyc/search/?dir=%3C/script%3E%3Cscript%3Ealert'OPENBUGBOUNTY';%3C/script%3E%3Cscript%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 759468 VIP...
chromium-browser: same origin bypass in blink v8 bindings
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
Fedora Update for quagga FEDORA-2007-2196
Check for the Version of quagga OpenVAS Vulnerability Test Fedora Update for quagga FEDORA-2007-2196 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...