15 matches found
kar-men.com Cross Site Scripting vulnerability OBB-3856372
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
hu.blackbelt.osgi.filestore:features (>=1.2.1 <=1.3.0), hu.blackbelt.osgi.filestore:kar (>=1.2.1 <=1.3.0) +40 more potentially affected by CVE-2021-45105 via org.ops4j.pax.logging:pax-logging-log4j2 (>=2.0.0 <=2.0.12)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =2.0.0, =1.2.1, =1.2.1, =1.0.12, =1.0.12, =2.14.2, =2.19.0, =3.12.0, =3.12.0, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.4 and more Source cves: CVE-2021-45105 Source advisory: OSV:GHSA-P6XC-XR62-6R2G...
ObjectPlanet Opinio 7.12 Cross Site Scripting
Exploit Title: ObjectPlanet Opinio 7.12 allows Cross-Site Scripting Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Ang Kar Min https://www.linkedin.com/in/karmin-ang CVE: CVE-2020-26563 Timeline - September 2019: Initial...
phpList 3.5.0 Authentication Bypass
Exploit Title: phpList 3.5.0 - Authentication Bypass Google Dork: N/A Date: 2020-02-03 Exploit Author: Suvadip Kar Author Contact: https://twitter.com/spidersec Vendor Homepage: https://www.phplist.org Software Link: https://www.phplist.org/download-phplist/ Version: 3.5.0 Tested on: Linux CVE :...
phpList 3.5.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: phpList 3.5.0 - Authentication Bypass Exploit Author: Suvadip Kar Author Contact: https://twitter.com/spidersec Vendor Homepage: https://www.phplist.org Software Link: https://www.phplist.org/download-phplist/ Version: 3.5.0...
phpList 3.5.0 - Authentication Bypass
phpList 3.5.0 - Authentication Bypass Exploit Title: phpList 3.5.0 - Authentication Bypass Google Dork: N/A Date: 2020-02-03 Exploit Author: Suvadip Kar Author Contact: https://twitter.com/spidersec Vendor Homepage: https://www.phplist.org Software Link: https://www.phplist.org/download-phplist/...
Jobberbase 2.0 CMS - 'jobs-in' SQL Injection
Exploit Title: Jobberbase 2.0 CMS - 'jobs-in' SQL Injection Google Dork: N/A Date: 28, August 2019 Exploit Author: Suvadip Kar Vendor Homepage: http://jobberbase.com/ Software Link: https://github.com/filipcte/jobberbase/zipball/master Version: 2.0 Tested on: Linux CVE : N/A...
karchive/karchive_fuzzer: Heap-buffer-overflow in QByteArray::operator=
Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5750712295751680 Project: karchive Fuzzer: aflkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: aflasankarchive Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...
karchive/karchive_fuzzer: Heap-buffer-overflow in QByteArray::operator=
Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5723860730642432 Project: karchive Fuzzer: aflkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: aflasankarchive Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...
CVE-2019-0191
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This...
GHSA-869J-5855-HJPM Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This...
CVE-2019-0191
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This...
CVE-2019-0191
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This...
CVE-2019-0191
Summary: CVE-2019-0191 affects Apache Karaf kar deployer. The ZIP-slip vulnerability arises because the kar deployer reads .kar archives and extracts entries from repository/ and resources/ without validating paths, allowing a malicious .kar to contain directory traversal (..), which can cause th...
kar-men.com XSS vulnerability
Open Bug Bounty ID: OBB-578506

Description | Value
---|---
Affected Website: | kar-men.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...