112 matches found
last-minute-showboerse.de Cross Site Scripting vulnerability OBB-3899946
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
last-minute-showboerse.de Cross Site Scripting vulnerability OBB-3895783
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-2328 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the DHCP version 4 DHCPv4 server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process,...
CVE-2024-23061
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function...
TOTOLINK A3300R 安全漏洞
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the minute parameter of the setScheduleCfg method failing to correctly filter construct command special...
PT-2024-19653 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version V17.0.0cu.557 B20221024 Description: A command injection issue was found via the minute parameter in the setScheduleCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK A3300R version...
CVE-2024-23061
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function...
last-minute-daenemark.de Improper Access Control vulnerability OBB-3768459
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
winter-last-minute.de Cross Site Scripting vulnerability OBB-3487299
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
last-minute-showboerse.de Cross Site Scripting vulnerability OBB-3461630
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
minute-hebdo.fr Cross Site Scripting vulnerability OBB-3453306
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Upgraded Q -> 2 from #327 [1686724891862]
Judge has assessed an item in Issue 327 as 2 risk. The relevant finding follows: L-04 addBid does not increment the endBlock of the auction when it is close to the end, preventing the protocol from capturing extra value When an Auction is created, it sets a lotItem.endBlock. This value remains...
Command injection
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function...
TOTOLINK CA300-PoE 命令注入漏洞
The TOTOLINK CA300-PoE is a wireless access point from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK CA300-PoE version V6.2c.884, which is caused by a command injection issue in the minute parameter of the setRebootScheCfg method...
NETGEAR Router Vulnerability Allowed Access to Restricted Services
By Deeba Ahmed According to Tenable research, NETGEAR had to release last-minute patches for their devices that were a part of the Pwn2Own event. This is a post from HackRead.com Read the original post: NETGEAR Router Vulnerability Allowed Access to Restricted Services...
CVE-2022-44193
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute...
VPN SNX portal may be vulnerable to brute-force attack on passwords
Cause The VPN SNX portal in the IPsec VPN Software Blade does not implement any protection against brute-force attack on usernames/passwords. Symptoms - The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender SNX. If the portal is configured for...
CVE-2022-38392
Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service device malfunction and system crash via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported produ...
WordPress Five Minute Webshop plugin SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. WordPress Five Minute Webshop plugin 1.3.2 and previous versions are vulnerable to SQL injection, which...
CVE-2022-1686
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection...