1002 matches found
CVE-2020-7790
This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF...
Denial Of Service(DoS)
sqlite is vulnerable to denial of service attacks. Generated column optimizations allow null pointer dereference and segmentation faults...
lookn4u.com Cross Site Scripting vulnerability OBB-1428481
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
ASX To MP3 Converter 3.1.3.7.2010.11.05 Buffer Overflow
Exploit Title: ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow DEP,ASLR Bypass PoC Software Link Download: https://github.com/x00x00x00x00/ASXtoMP3Converter3.1.3.7.2010.11.05/blob/master/ASXtoMP3Converter3.1.3.7.2010.11.05.exe?raw=true Exploit Author: Paras Bhatia Discovery...
Dopple-Ganging Up on Facial Recognition
ARCHIVED STORY Dopple-ganging up on Facial Recognition Systems By Steve Povolny · August 25, 2020 Co-authored with Jesse Chick, OSU Senior and Former McAfee Intern, Primary Researcher. Special thanks to Dr. Catherine Huang, McAfee Advanced Analytics Team Special thanks to Kyle Baldes, Former McAf...
ksmen.com.cn Cross Site Scripting vulnerability OBB-1272919
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
gretterconstrutora.com.br Cross Site Scripting vulnerability OBB-1272229
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
OPENSUSE-SU-2020:1227-1 Security update for postgresql96, postgresql10 and postgresql12
This update for postgresql96, postgresql10 and postgresql12 fixes the following issues: postgresql10 was updated to 10.13 bsc1171924. https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html postgresql10 was updated to 10.12 CVE-2020-1720, bsc1163985 -...
Path traversal
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...
v-os.ca Cross Site Scripting vulnerability OBB-1259041
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
thailand.prd.go.th Cross Site Scripting vulnerability OBB-1253871
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
SUSE SLED15 / SLES15 Security Update : postgresql10 / postgresql12 (SUSE-SU-2020:2149-1)
This update for postgresql10 and postgresql12 fixes the following issues : postgresql10 was updated to 10.13 bsc1171924. https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html postgresql10 was updated to 10.12 CVE-2020-1720, bsc1163985...
SUSE-SU-2020:2149-1 Security update for postgresql10 and postgresql12
This update for postgresql10 and postgresql12 fixes the following issues: postgresql10 was updated to 10.13 bsc1171924. https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html postgresql10 was updated to 10.12 CVE-2020-1720, bsc1163985 -...
Design/Logic Flaw
Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2020-2214
Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2019-20868
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...
Cross-Site Scripting (XSS)
pngquant-bin is vulnerable to cross-site scripting (XSS) attacks. The raw.github.com subdomain does not properly sanitize user-generated content, allowing an attacker to upload potentially malicious contents...
news.worldofo.com Cross Site Scripting vulnerability OBB-1165928
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
mobilityonetransportation.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1162912 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Elastic Cloud on Kubernetes 1.1.0 security update
Elastic Cloud on Kubernetes insecure password generation ESA-2020-03 Elastic Cloud on Kubernetes ECK versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more...