1227 matches found

Code423n4
added 2021/05/26 12:0 a.m., 11 views

ChainLink price data could be stale

Handle cmichel Vulnerability details Vulnerability Details There is no check in FSDNetwork.getEtherPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stal...

6.8 AI score
Exploits 0

Hacker One
added 2021/05/13 12:26 p.m., 19 views

Nextcloud: Ransomware protection is missing extentions

So again I'm not sure if this is in scope. However you do advertise this on your enterprise pages. So I assume so. In any case. It seems your ransomewareprotection app is missing some common extensions. See for example...

0.6 AI score
Exploits 0

Hacker One
added 2021/05/07 8:48 p.m., 198 views

Sifchain: Vulnerable javascript dependency at Main domain

Hello, Issue detail, Burp observed 1 outdated JavaScript libraries with 4 known vulnerabilities. Burp detected bootstrap version 4.0.0, which has the following vulnerabilities: CVE-2019-8331: XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2018-14041: XSS in...

4.3 CVSS, 6.2 AI score, 0.07723 EPSS
Exploits 4

Malwarebytes
added 2021/05/07 5:53 p.m., 37 views

Millions put at risk by old, out of date routers

Since the first stay-at-home measures were imposed by governments to keep everyone safe from the worsening COVID-19 pandemic, we at Malwarebytes have been making sure that you, dear reader, are as cyber-secure as possible in your home network, while you try to work and while your children attend...

7.8 AI score
Exploits 0

WPVulnDB
added 2021/05/07 12:0 a.m., 11 views

UltimateWoo <= 0.1.10 - PHP Object Injection

The plugin is using an outdated library which is affected by a PHP Object Injection issue...

2.3 AI score
Exploits 0, References 2, Affected Software 1

0day.today
added 2021/04/23 12:0 a.m., 68 views

BMD BMDWeb 2.0 Cross Site Scripting Vulnerability

======================================================================= title: Stored Cross Site Scripting Outdated software library product: BMD BMDWeb 2.0 vulnerable version: BMD versions prior to 24.01.21 fixed version: 24.01.21 and 24.02.11 or higher CVE number: - impact: High homepage:...

0.2 AI score
Exploits 0

IBM Security Bulletins
added 2021/04/19 9:38 p.m., 11 views

Security Bulletin: Resilient - Permitting use of outdated ciphers for SSH (CVE-2016-6063)

Summary Security Bulletin: Resilient - Permitting use of outdated ciphers for SSH CVE-2016-6063 Vulnerability Details Title Security Bulletin: Resilient - Permitting use of outdated ciphers for SSH CVE-2016-6063 Summary The default Debian Linux configuration of SSH includes outdated ciphers that...

0.6 AI score
Exploits 0, Affected Software 1

wpexploit
added 2021/04/16 12:0 a.m., 953 views

Outdated php-mod/curl Library - Unauthenticated Reflected Cross-Site Scripting (XSS)

The original submission stated that the HT Slider Range for Amazon affiliates plugin for WordPress had a reflected XSS vulnerability. After investigation WPScanTeam, the cause was found to be test files from the php-mod/curl library, which was missing appropriate response headers before outputtin...

0.1 AI score, 0.01803 EPSS
Exploits 2, References 1

OSV
added 2021/03/25 8:15 p.m., 0 views

CVE-2021-27448

A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E all firmware versions prior to v04A00.1...

7.8 CVSS, 7.1 AI score
Exploits 0, References 1

Japan Vulnerability Notes
added 2021/03/25 8:46 a.m., 1 views

Kagemai vulnerable to cross-site scripting

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user w...

6.1 CVSS, 5.9 AI score, 0.00232 EPSS
Exploits 0, References 4

Exploit DB
added 2021/03/25 12:0 a.m., 1286 views

Linksys EA7500 2.0.8.194281 - Cross-Site Scripting

Exploit Title: Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Date: 3/24/21 Exploit Author: MiningOmerta Vendor Homepage: https://www.linksys.com/ Version: EA7500 Firmware Version: 2.0.8.194281 CVE: CVE-2012-6708 Tested On: Linksys EA7500 jQuery version 1.7.1 Cross-Site Scripting Vulnerabilit...

6.1 CVSS, 6.7 AI score, 0.00902 EPSS
Exploits 6

0day.today
added 2021/03/24 12:0 a.m., 506 views

Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Vulnerability

Exploit Title: Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Exploit Author: MiningOmerta Vendor Homepage: https://www.linksys.com/ Version: EA7500 Firmware Version: 2.0.8.194281 CVE: CVE-2012-6708 Tested On: Linksys EA7500 jQuery version 1.7.1 Cross-Site Scripting Vulnerability on modern...

6.1 CVSS, 6.7 AI score, 0.00902 EPSS
Exploits 6

Metasploit
added 2021/03/09 5:42 p.m., 75 views

HPE Systems Insight Manager AMF Deserialization RCE

A remotely exploitable vulnerability exists within HPE System Insight Manager SIM version 7.6.x that can be leveraged by a remote unauthenticated attacker to execute code within the context of HPE System Insight Manager's hpsimsvc.exe process, which runs with administrative privileges. The...

9.8 CVSS, 9.6 AI score, 0.8554 EPSS
Exploits 4

CNVD
added 2021/02/26 12:0 a.m., 7 views

Docker path traversal vulnerability

Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...

6.8 CVSS, 6.6 AI score, 0.0002 EPSS
Exploits 0, References 1

ICS
added 2021/02/23 12:0 a.m., 101 views

Advantech Spectre RT Industrial Routers

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: Spectre RT Industrial Routers Vulnerabilities: Improper Neutralization of Input During Web Page Generation, Cleartext Transmission of Sensitive Information, Improper...

9.8 CVSS, 9.9 AI score, 0.00385 EPSS
Exploits 0, References 5

Cloud Foundry
added 2021/02/23 12:0 a.m., 11 views

USN-4719-1: ca-certificates update | Cloud Foundry

Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle...

7 AI score
Exploits 0, Affected Software 3

Schneier on Security
added 2021/02/19 12:0 p.m., 53 views

Router Security

This report is six months old, and I don't know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very o...

0.1 AI score
Exploits 0

OSV
added 2021/02/16 4:15 p.m., 2 views

CVE-2020-35564

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code...

7.5 CVSS, 7.1 AI score, 0.00283 EPSS
Exploits 0, References 2

NVD
added 2021/02/16 4:15 p.m., 7 views

CVE-2020-35564

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code...

7.5 CVSS, 0.00283 EPSS
Exploits 0, References 2

Prion
added 2021/02/16 4:15 p.m., 10 views

Code injection

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code...

5 CVSS, 8 AI score, 0.00283 EPSS
Exploits 0, References 2, Affected Software 2