Johnson Controls Software House C CURE 9000 Security Breach

Johnson Controls Software House C CURE 9000 is an access control system from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Software House C CURE 9000 that stems from the installation program using weak credentials...

footao.tv Cross Site Scripting vulnerability OBB-3942839

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7,000 WordPress Sites Affected by Privilege Escalation Vulnerability in ProfileGrid WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

samara.polovinka.org Cross Site Scripting vulnerability OBB-3942714

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems

An emerging ransomware-as-a-service RaaS operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered...

sleepdunwoody.com Improper Access Control vulnerability OBB-3942240

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

eltorrent.com Improper Access Control vulnerability OBB-3942164

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry

A flaw was found in the Linux kernel’s IPC system. This flaw allows an attacker to use a specially crafted program to cause a rare race condition, leading to a denial of service...

CVE-2024-38330 IBM i privilege escalation

IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227...

odn.nl Cross Site Scripting vulnerability OBB-3942113

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

niprojmipharma.com Cross Site Scripting vulnerability OBB-3942110

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

fluency.io Cross Site Scripting vulnerability OBB-3941793

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

engworksheets.com Cross Site Scripting vulnerability OBB-3941730

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

meetingguru.de Improper Access Control vulnerability OBB-3941576

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

forums.runehq.com Improper Access Control vulnerability OBB-3941549

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

geeksf.com Cross Site Scripting vulnerability OBB-3941290

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

GNU Coreutils: Buffer Overflow Vulnerability

Background The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. Description A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution. Impact Please...

Parameter Injection

zend-mail is vulnerable to Parameter Injection. The vulnerability is due to unsanitized additional quote characters within an address in the file Sendmail.php, which allows an attacker to inject arbitrary parameters to the system sendmail program...

pirajuba.mg.gov.br Cross Site Scripting vulnerability OBB-3940847

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

br.shotoe.com Cross Site Scripting vulnerability OBB-3940737

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...