29035 matches found
CVE-2023-52041
An issue discovered in TOTOLINK X6000R V9.4.0cu.852B20230719 allows attackers to run arbitrary code via the sub410118 function of the shttpd program...
CVE-2024-0200
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
Code injection
An issue discovered in TOTOLINK X6000R V9.4.0cu.852B20230719 allows attackers to run arbitrary code via the sub410118 function of the shttpd program...
Command injection
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, an...
Design/Logic Flaw
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
CVE-2024-0507 Privilege Escalation by Code Injection in the Management Console in GitHub Enterprise Server
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, an...
CVE-2024-0200 Unsafe Reflection in GitHub Enterprise Server leading to Command Injection
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
instagiber.net Cross Site Scripting vulnerability OBB-3836389
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
board.rhythmer.net Cross Site Scripting vulnerability OBB-3836384
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-0581
An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this...
CVE-2024-0581 Uncontrolled Resource Consumption vulnerability on Sandsprite scdbg
An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this...
swissfundplatform.ch Cross Site Scripting vulnerability OBB-3836282
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
felixswimschools.com Cross Site Scripting vulnerability OBB-3836245
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
800appliance.com Cross Site Scripting vulnerability OBB-3836232
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
r2820.com Cross Site Scripting vulnerability OBB-3836183
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
pompes-direct.com Cross Site Scripting vulnerability OBB-3836179
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
miicharacters.com Cross Site Scripting vulnerability OBB-3836165
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MGASA-2024-0013 Updated hplip packages fix security vulnerabilities
There were security issues in hplip's hpps program due to fixed /tmp path usage in prnt/hpps/hppsfilter.c. This update fixes these issues...
Updated hplip packages fix security vulnerabilities
There were security issues in hplip's hpps program due to fixed /tmp path usage in prnt/hpps/hppsfilter.c. This update fixes these issues...
Remote code execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high...