7 matches found
GitLab: Dependency Confusion via Lookup Request Forwarding to PyPi.org
Summary: pip is probably the most popular Python package manager and can be used to install packages from the publicly available Python Package Index (PyPi) at pypi.org or from internal package repositories. In the beginning of 2021, a vulnerability type called Dependency Confusion attracted some...
ReDOS vulnerabilities: multiple grammars
Impact: Potential ReDOS vulnerabilities (exponential and polynomial RegEx backtracking). OWASP: The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very...
vandanayellowpages.com Cross Site Scripting vulnerability OBB-1387585
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
jbsausagesupplies.com XSS vulnerability
Open Bug Bounty ID: OBB-673178. Affected Website: jbsausagesupplies.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in fz_maxi
Project: git://git.ghostscript.com/mupdf.git. Detailed report: https://oss-fuzz.com/testcase?key=4803533114179584. Project: mupdf. Fuzzer: libFuzzer_mupdf_pdf_fuzzer. Fuzz target binary: pdf_fuzzer. Job Type: libfuzzer_msan_mupdf. Platform Id: linux. Crash Type: Use-of-uninitialized-value. Crash Address: Crash...
apps.creative-designs.ca XSS vulnerability
Vulnerable URL: http://apps.creative-designs.ca/mobile/?appcode=TackApp=WebTierViewControllerid=2595013url=L21vYmlsZS8/YXBwY29kZT1UYWNrQXBwJmNvbnRyb2xsZXI9TW9yZVZpZXdDb250cm9sbGVy=%3C/title%3E%3C/script/%22-alert%280%29-%22--%3E%3Cimg/onerror=%27;%20alert%28/OPENBUGBOUNTY/%29;%27src=1%3E Details:...
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
Exploit Title : Wordpress Plugin 'Business Intelligence' Remote SQL Injection vulnerability Author : Jagriti Sahu AKA Incredible Vendor Link : https://www.wpbusinessintelligence.com Download Link : https://downloads.wordpress.org/plugin/wp-business-intelligence-lite.1.6.1.zip Date : 1/04/2015...