26 matches found
CVE-2025-30705
...
littlehardware.com Cross Site Scripting vulnerability OBB-3891499
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Warzone RAT infrastructure seized
On February 9, 2024, the Justice Department announced that an international operation had seized internet domains that were selling information-stealing malware. Federal authorities in Boston seized www.warzone.ws and three related domains, which sold the Warzone RAT malware. The Warzone RAT...
hon10.com Cross Site Scripting vulnerability OBB-3816181
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
albertosonfifth.com Cross Site Scripting vulnerability OBB-3783550
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The MGM Cybersecurity Breach: Learnings and Prevention Measures
As many are aware, the systems of the $14 billion dollar gaming and hospitality giant MGM have been brought to a halt for nearly 5 days due to a multi-vector attack that has come to affect Caesars Entertainment as well. While the culprits of the attack are not confirmed, hacking group Scattered...
Stored HTML injection
Description Stored HTML Injection: A Hidden Web Threat. Learn how attackers exploit input fields to inject malicious code into web applications, jeopardizing user data and site integrity. Discover crucial prevention measures to safeguard against this insidious vulnerability. Step to reproduce 1...
Reflected XSS via POST
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...
GHSA-XC66-MG8R-Q6R5 Apache Wicket vulnerable to CSRF attacks
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided...
What is API Abuse ❓ Prevention measures.
APIs are paramount for constructing a steadfast and constant communication bridge that empowers devices to pass-on desired information seamlessly. Hackers adopt many ways to exploit the APIs and corrupt the targeted device. This API exploitation is a potential threat to API security and needs...
The Fight against Financial Cyber Crime
By Owais Sultan The financial services industry is a lucrative target and is disproportionately affected by the rise of cyber crime. Let's discuss its prevention measures. This is a post from HackRead.com Read the original post: The Fight against Financial Cyber Crime...
Mail.ru: XSS Stored on https://seedr.ru
Site: https://seedr.ru/ OS version: Windows 10 browser: Google chrome Stored cross-site scripting arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. I changed my nickname to a code that demonstrates the...
kirs.or.kr Cross Site Scripting vulnerability OBB-1457100
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
El Paso and Dayton Tragedy-Related Scams and Malware Campaigns
In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency CISA advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to...
Through the Years: an Inside Look at Carbon Black Technology
An early Carbon Black customer and Red Canary detection engineer provides perspective on Carbon Black’s technology evolutions. This post was originally published by our partner Red Canary on May 30, 2019. Back in 2013, I was one of the first security professionals to deploy Carbon Black. This was...
battlefrontstats.com Cross Site Scripting vulnerability
Security Researcher Implosion (helped patch 1639 vulnerabilities, received 7 Coordinated Disclosure badges, received 29 recommendations), a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting battlefrontstats.com website and its users. Following...
Denial of service
Make the world a bit safer...
raschig.com XSS vulnerability
Open Bug Bounty ID: OBB-685223
Description | Value
---|---
Affected Website: | raschig.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidden unti...
Energy-warning! Be wary EnMiner mining kill-vulnerability warning-the black bar safety net
Recently, Sangfor found a new mining virus with strong resistance behavior. Its mechanisms differ greatly from those of conventional mining viruses, and once a system is infected, cleanup is extremely difficult. The virus is currently in the early stage of its outbreak, and Sangfor has named this virus EnMiner mini...
Airline Ticket Fraud
New research: "Leaving on a jet plane: the trade in fraudulently obtained airline tickets:" Abstract: Every day, hundreds of people fly on airline tickets that have been obtained fraudulently. This crime script analysis provides an overview of the trade in these tickets, drawing on interviews wit...