723 matches found
OESA-2022-1851 squid security update
Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI...
tunnetaitojalapselle.fi Cross Site Scripting vulnerability OBB-2830644
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vinaseed.com.vn Cross Site Scripting vulnerability OBB-2791575
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
triumph-occasion.fr Cross Site Scripting vulnerability OBB-2613493
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
eurotherm-sales.com Cross Site Scripting vulnerability OBB-2613414
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MoinMoin Improper ACL handling for calendars and includes
MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors...
mabinogi.fws.tw Cross Site Scripting vulnerability OBB-2505503
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
com.brdev.ethereumpostage.info Cross Site Scripting vulnerability OBB-2468930
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cheminsdetravers.fr Cross Site Scripting vulnerability OBB-2444942
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
impressionsstudio.com Cross Site Scripting vulnerability OBB-2439520
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-24979
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR),...
apply.umgc.edu Cross Site Scripting vulnerability OBB-2309583
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Employee Record Management System Directory Traversal Vulnerability
Employee Record Management System is an employee record management system. It has a directory traversal vulnerability in the admin/includes/ file, which can be exploited by an attacker to retrieve and download...
CVE-2021-39314
The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the /includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WooCommerce EnvioPack plugin is a WordPress open source application plugin. The WordPress WooCommerce EnvioPack plugin h...
CVE-2021-44965
Directory traversal vulnerability in the /admin/includes/ directory of PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server...
PT-2021-24186 · Unknown · Phpgurukul Employee Record Management System
Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Employee Record Management System version 1.2 Description: The issue allows an attacker to perform a directory traversal attack in the /admin/includes/ directory. This enables the retrieval and download of sensitive information fro...