kay-page.com Cross Site Scripting vulnerability OBB-3902410
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kay-kieserling.de Improper Access Control vulnerability OBB-3773634
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-37405
Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin = 2.0.1 at WordPress...
kay (>=0.1.0 <=0.5.1) potentially affected by CVE-2020-36433 via chunky (>=0.1.4 <=0.3.7)
chunky CARGO version =0.1.4, =0.1.0, =0.5.1 Source cves: CVE-2020-36433 Source advisory: OSV:GHSA-QG24-8XJ4-GJ2H...
kay (>=0.1.0 <=0.5.1) potentially affected by CVE-2020-36433 via chunky (>=0.1.4 <=0.3.7)
chunky CARGO version =0.1.4, =0.1.0, =0.5.1 Source cves: CVE-2020-36433 Source advisory: OSV:RUSTSEC-2020-0035...
Zeta Components Mail 1.8.1 - Remote Code Execution
Zeta Components Mail 1.8.1 - Remote Code Execution Vendor: Zeta Components module: Mail, returnPath-email”; If an attacker assigns an email address like: '[email protected] -X/var/www/html/cache/exploit.php' and injects a payload in the mail body, sendmail will transfer log-X into...
Zeta Components Mail 1.8.1 - Remote Code Execution
Vendor: Zeta Components module: Mail, returnPath-email”; If an attacker assigns an email address like: '[email protected] -X/var/www/html/cache/exploit.php' and injects a payload in the mail body, sendmail will transfer log-X into /var/www/html/cache/exploit.php. The resulting file will contain t...
Mary Kay® Virtual Makeover - Dangerous filesystem permissions, Insecure KeyStore vulnerabilities
HackApp vulnerability scanner discovered that application Mary Kay® Virtual Makeover published at the 'play' market has multiple vulnerabilities...
extension): MITM due to improper validation of AX attribute signatures
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...
DEBIAN-CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...
Input validation
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...
CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...
CVE-2011-4314
CVE-2011-4314 affects OpenID4Java, where AxMessage.java did not verify that Attribute Exchange (AX) data is signed. This allows a remote attacker to modify AX information during MITM without detection. The issue is present in OpenID4Java prior to 0.9.6 final and is used by products such as JBoss ...
Unfixed XSS vulnerability at www.marykay.com
Security researcher tenest submitted, on 01/10/2007, a cross-site scripting (XSS) vulnerability affecting www.marykay.com, which at the time of submission ranked 16823 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/10/2007. It is currently...