47 matches found
Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification
Description The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Yumpu ePaper publishing Plugin <= 2.0.24 is vulnerable to Broken Access Control
Software Yumpu ePaper publishing Type Plugin Vulnerable versions = 2.0.24 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3277 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 08c9f70d34e3 Credits Lucio Sá Required...
epaper.thedailystar.net XSS vulnerability
Open Bug Bounty ID: OBB-597404 Description| Value ---|--- Affected Website:| epaper.thedailystar.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
epaper.prothom-alo.com XSS vulnerability
Open Bug Bounty ID: OBB-278462 Description| Value ---|--- Affected Website:| epaper.prothom-alo.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...
epaper.livemint.com XSS vulnerability
Vulnerable URL: http://epaper.livemint.com/epaper/showarticle.aspx?article=e14426e7-9a0a-433d-a879-29c2ee95b730=Lvirvw2dagBrevZ8EaLqWw%3d%3d';prompt"OPENBUGBOUNTY";var x='y=67862017072900000000001001 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.10.2017 Vulnerabilit...
epaper.theday.com XSS vulnerability
Open Bug Bounty ID: OBB-270715 Description| Value ---|--- Affected Website:| epaper.theday.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
epaper.enavabharat.com XSS vulnerability
Open Bug Bounty ID: OBB-266516 Description| Value ---|--- Affected Website:| epaper.enavabharat.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
epaper.haribhoomi.com XSS vulnerability
Vulnerable URL: http://epaper.haribhoomi.com/photogallery.php?edate==72"=1 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 13.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...
epaper.thehimalayantimes.com XSS vulnerability
Vulnerable URL: http://epaper.thehimalayantimes.com/pagezoomsin.php?img=="alert'OPENBUGBOUNTY'...
epaper.dailyausaf.com XSS vulnerability
Vulnerable URL: http://epaper.dailyausaf.com/page?stationid=alert'OPENBUGBOUNTY';...
RevierSport ePaper - Exported components, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application RevierSport ePaper published at the 'play' market has multiple vulnerabilities...
GA ePaper - MIT license, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application GA ePaper published at the 'play' market has multiple vulnerabilities...
InTouch DE ePaper - Native code usage, SD-card access, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application InTouch DE ePaper published at the 'play' market has multiple vulnerabilities...
StZ digital ePaper - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application StZ digital ePaper published at the 'play' market has multiple vulnerabilities...
BRAVO ePaper - Native code usage, SD-card access, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application BRAVO ePaper published at the 'play' market has multiple vulnerabilities...
WN ePaper - Customized SSL, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application WN ePaper published at the 'play' market has multiple vulnerabilities...
Mittelbayerische ePaper - Dynamic Code Loading, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Mittelbayerische ePaper published at the 'play' market has multiple vulnerabilities...
BRAVO GIRL! ePaper - Native code usage, SD-card access, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application BRAVO GIRL! ePaper published at the 'play' market has multiple vulnerabilities...
Merkur ePaper - ContentProvider mode not defined, Dynamic Code Loading, Exported components vulnerabilities
HackApp vulnerability scanner discovered that application Merkur ePaper published at the 'play' market has multiple vulnerabilities...
OP ePaper - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application OP ePaper published at the 'play' market has multiple vulnerabilities...