135 matches found
bangladesh.gov.bd Cross Site Scripting vulnerability OBB-3917764
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
customs.gov.dm Cross Site Scripting vulnerability OBB-3911589
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
oce.oregon.gov Cross Site Scripting vulnerability OBB-3860762
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
web2.gov.mb.ca Cross Site Scripting vulnerability OBB-3823563
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nala.gov.et Cross Site Scripting vulnerability OBB-3817788
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SideWinder’s Nim Backdoor Spells Trouble for South Asian Nations
Summary: SideWinder, also known as Razor Tiger, commenced its offensive operations in 2012 and has recently shifted its focus to targeting Bhutan. It employs deceptive content, ultimately executing the Nim Backdoor. The decoy content utilized in the sample is directly sourced from announcements...
home.sagia.gov.sa Open Redirect vulnerability OBB-3160936
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Open redirect on government website sends users to adult content
Fake websites and open redirects have conspired to make things awkward for a UKGOV website. The site in question, riverconditionsdotenvironment-agencydotgovdotuk, was being abused in search engine results to redirect to various sites which arent associated with UKGOV--most of which were adult...
UK gov website being used to redirect to porn sites
TL;DR UK Government Environment Agency web site had an open redirect that was actively being used to redirect to various porn sites, including OnlyFans clone sites. Disclosure should have been easy but wasn’t, as the agency haven’t followed wider UK government policy on vulnerability disclosure...
gampaha.ps.gov.lk Cross Site Scripting vulnerability OBB-2745680
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
pmint.terengganu.gov.my Cross Site Scripting vulnerability OBB-2520424
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
catanduvas.sc.gov.br Cross Site Scripting vulnerability OBB-2454337
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
lingkunganhidup.jakarta.go.id Cross Site Scripting vulnerability OBB-2411554
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
All Vulnerabilities for records.tceq.texas.gov Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
canhsatpccc.vinhphuc.gov.vn Cross Site Scripting vulnerability OBB-2383471
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
bdhckl.gov.bd Improper Access Control vulnerability OBB-2310171
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Attackers Impersonate DoT in Two-Day Phishing Scam
Threat actors impersonated the U.S. Department of Transportation USDOT in a two-day phishing campaign that used a combination of tactics – including creating new domains that mimic federal sites so as to appear to be legitimate – to evade security detections. Between Aug. 16-18, researchers at...
U.S. General Services Administration: e-mail verification bypass through interception & modification of response status
Hi, During registration of account at https://tams.preprod.gsa.gov, e-mail verification code validation can be bypassed through intercepting & modifying the response status-from "success":false to "success":true Video F1284281 is for reference. Steps To Reproduce 1. Open User Registration Url -...
sics.kerala.gov.in Cross Site Scripting vulnerability OBB-1483255
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
S-CMS government website system backend has SQL injection vulnerability
S-CMS government station building system is Zibo Shining Network Technology Co., Ltd. developed a special government station building solutions to provide products. There is a SQL injection vulnerability in the backend of S-CMS government website system. Attackers can use this vulnerability to...