19 matches found
CVE-2026-33685
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...
CVE-2019-1010316
pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4...
dark-impression.de Improper Access Control vulnerability OBB-3774727
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
XSS Vulnerability in Impression Notes Windows Client
Impression Notes is an excellent electronic notes data management software. An XSS vulnerability exists in the Impression Notes Windows client, which can be exploited by an attacker to obtain user cookie information...
Out of My Depth (Where I Belong)
I remember well my first day as a member of Akamai's InfoSec department. The Friday prior, I'd just completed the Akamai Technical Academy, a five-month crash-course in all things tech, and was now, on a cold but sunny Monday morning, joining InfoSec for their weekly staff meeting. Eager to make ...
Impression Notes (Windows client) suffers from a dll hijacking vulnerability
Impression Notes is an office software with real-time search, tag categorization, support for large databases and other features that allows you to access your notes, record information, find materials and more anytime, anywhere. A dll hijacking vulnerability exists in Impression Notes Windows...
Apple Claims Google is Spreading FUD Over Patched iPhone Bugs
Apple has called out Google for promoting a “false impression” about iOS vulnerabilities the iPhone maker said it fixed in February. It claims Google is unnecessarily panicking Apple customers. On Aug. 29, Ian Beer of Google’s Project Zero published a blog post that took a “very deep dive” into 1...
CVE-2019-1010316
pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4...
CVE-2019-1010316
pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4...
CVE-2019-1010316
CVE-2019-1010316 affects pyxtrlock versions 0.3 and earlier. The issue is an Incorrect Access Control flaw that yields a false locking impression when run in a non-X11 session. The fix is in version 0.4. No exploitation details are provided in the connected documents.
impression-catalog.ro XSS vulnerability
Open Bug Bounty ID: OBB-718329

Description | Value
---|---
Affected Website: | impression-catalog.ro
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | ...
Impression Notes has an information leakage vulnerability
Impression Notes is a versatile note-taking application. An information disclosure vulnerability exists in Impression Notes. The vulnerability stems from the program failing to encrypt its own database after turning on a password lock, which can be exploited by attackers to obtain sensitive...
fad-seripub.com XSS vulnerability
Open Bug Bounty ID: OBB-626628

Description | Value
---|---
Affected Website: | fad-seripub.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
verkehrsinformation.de XSS vulnerability
Vulnerable URL: http://www.verkehrsinformation.de/?tmp=impressum%22%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C/script%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 94971

Google...
stickers-discount.com XSS vulnerability
Open Bug Bounty ID: OBB-94969

Description | Value
---|---
Affected Website: | stickers-discount.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention...
HackerOne: Session Hijacking attack (Different Scenario)
Hey I was able to replay a cookie of a current active session and hijack that by replaying the cookie. Now this is different from any conventional vanilla session hijacking because it works even when the user is not logged in. But the condition is that the victim's session must be active at the...
Ad Manager Pro SQL Injection / Cross Site Scripting
Ad Manager Pro
Bug discovered by Yakir Wizman
Date 24/08/2012
Vendor Homepage - http://www.phpwebscripts.com/ad-manager-pro/
Demo - http://www.scripts-demo.com/admanagerpro/
ISRAEL...
Ad Manager Pro - Multiple Vulnerabilities
Ad Manager Pro
Bug discovered by Yakir Wizman
Date 24/08/2012
Vendor Homepage - http://www.phpwebscripts.com/ad-manager-pro/
Demo - http://www.scripts-demo.com/admanagerpro/
ISRAEL...
idevspot Text ads 2.08 SQL Injection Vulnerability
Exploit for php platform in category web applications
idevspot Text ads 2.08 SQL Injection Vulnerability
Title: idevspot Text ads 2.08 sqli vulnerability
Author: Sid3^effects
Published: 2010-06-06...