25 matches found
EUVD-2017-6420
Malware in sbrugna...
StarCities E-Municipality Management 跨站脚本漏洞
StarCities E-Municipality Management is an electronic municipal management system from StarCities USA. A cross-site scripting vulnerability exists in versions prior to StarCities E-Municipality Management 20250825, which stems from improper input neutralization during web page generation and coul...
Local Government Cybersecurity: Why Municipal Systems Need Extra Protection
Cybersecurity threats to local governments are part of life in the digital environment in which people live today.…...
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile EPMM software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 CVSS score:...
PT-2025-5829
Name of the Vulnerable Software and Affected Versions Trimble Cityworks versions prior to 15.8.9 Trimble Cityworks with office companion versions prior to 23.10 Description A deserialization vulnerability could allow an authenticated user to perform a remote code execution attack against a...
quebecmunicipal.qc.ca Cross Site Scripting vulnerability OBB-3400473
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims
A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access...
Osprey Pump Controller 1.0.1 userName Command Injection Vulnerability
Osprey Pump Controller 1.0.1 userName Blind Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mira...
Crippling Cyberattacks, Disinformation Top Concerns for Election Day
What keeps researchers up at night leading up to Nov. 3 isn’t election-day winners and losers. Most cite possible attacks on local infrastructure, crippling ransomware incidents and disinformation campaigns. There are also many concerned voters this year. Election-related cybersecurity attacks ha...
Vermont Taxpayers Warned of Data Leak Over the Past Three Years
The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice PDF posted on the department’s website warned taxpayers who filed a Property Transfer Tax return...
Knoxville Ransomware Attack Leads to IT Network Shutdown
The city of Knoxville, Tenn. is reeling from a ransomware attack that knocked the city’s network offline and prevented police officers from responding to non-life-threatening traffic crashes. The incident occurred Wednesday and shuttered systems until Thursday. Also impacted was the city’s intern...
Ransomware Hits Georgia Courts as Municipal Attacks Spread
Almost every month in 2019 so far has seen reports of a local government falling prey to ransomware, but this series of attacks belies an even broader threat...
City Pays $2K in Ransomware, Stirs ‘Never Pay’ Debate
The city of West Haven, Conn. made the hard choice to pay cyberattackers a $2,000 ransom after being hit with malware that ground their operations to a halt. West Haven said that its City Hall offices were the victim of a ransomware attack, which the U.S. Department of Homeland Security determine...
DDoS-Happy ‘Bitcoin Baron’ Sentenced to Almost 2 Years in Jail
The Bitcoin Baron, a self-proclaimed vigilante responsible for DDoS attacks on civic networks in Madison, Wisc., San Marcos, Texas, and other sites in 2015, has been collared in Phoenix and sentenced to serve 20 months in prison. The conviction and sentencing is only for the former attack, in whi...
jacksoncountymunicipalcourt.com XSS vulnerability
Open Bug Bounty ID: OBB-619887 Description| Value ---|--- Affected Website:| jacksoncountymunicipalcourt.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
marionmunicipalcourt.org XSS vulnerability
Open Bug Bounty ID: OBB-619436 Description| Value ---|--- Affected Website:| marionmunicipalcourt.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Information disclosure
Trapeze TransitMaster is vulnerable to information disclosure emails / hashed passwords via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the...
concejomunicipalmoniquira.gov.co XSS vulnerability
Open Bug Bounty ID: OBB-272387 Description| Value ---|--- Affected Website:| concejomunicipalmoniquira.gov.co Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6....
concejo-municipal-lerida-tolima.gov.co XSS vulnerability
Open Bug Bounty ID: OBB-271690 Description| Value ---|--- Affected Website:| concejo-municipal-lerida-tolima.gov.co Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3...
The Jetson’s Cyber Concerns – Future Smart Cities Cybersecurity Checklist
As cities continue to grow smarter, they will also become easier to hack. With millions if not billions of dollars going into research for urban domains and the Internet of Things IoT, there will be more opportunities to utilize technology to define, access and improve smart city services and...