18 matches found
jblfilms.com Cross Site Scripting vulnerability OBB-3934484
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
playfulpages.com Cross Site Scripting vulnerability OBB-3926127
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
jugend-do.de Improper Access Control vulnerability OBB-3819167
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
grubenberg.ch Cross Site Scripting vulnerability OBB-3756286
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
unityjoyoflife.org Cross Site Scripting vulnerability OBB-3743959
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
makserg.com Cross Site Scripting vulnerability OBB-3636848
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
pylospestcontrol.gr Cross Site Scripting vulnerability OBB-3570178
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
FortiNAC - Report disclosure to unauthenticated users
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiNAC may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests...
LinkedIn: An Attacker Can Flag Draft Job Posts And Can Disclose The Draft Job Posts Details [ Similar to #1581528 Resolved Report]
A vulnerability was discovered on LinkedIn that allowed attackers to flag and report draft job posts of other users. This resulted in the disclosure of sensitive job details, even for posts that were not yet published...
baudienstleistungen-mehlhose.de Cross Site Scripting vulnerability OBB-2706984
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Wipro Holmes Orchestrator 20.4.1 Report Disclosure
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Excel Report Download Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38147 In the Wipro Holmes Orchestrator 20.4.1...
CVE-2021-22728
The CVE-2021-22728 entry concerns a CWE-200 information exposure vulnerability in Schneider Electric EVlink devices: EVlink City (EVC1S22P4 / EVC1S7P4), EVlink Parking (EVW2 / EVF2 / EV.2), and EVlink Smart Wallbox (EVB1A) with all versions prior to R8 V3.4.0.1. The flaw could disclose encrypted ...
HackerOne: Report Bulk endpoint "agree-on-going-public" action may reveal Report disclosure state for invite-only programs
Hello, Hope you are doing well, SUMMARY - In HackerOne, a user doesn't have permission to do any action like "disclosing/undisclosing" in a disclosed report. - Here the user can send the "cancel-disclosure-request" request to the server and the server accepts the request and gave a 200 OK response with ""flash":"The...
sternchenkoch.de Cross Site Scripting vulnerability OBB-1338346
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in cmd_put_drawing_color
Detailed Report: https://oss-fuzz.com/testcase?key=5072828683255808 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstoraster_fuzzer Job Type: libfuzzer_msan_ghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: cmd_put_drawing_color...
suricata:fuzz_applayerparserparse: Heap-use-after-free in htp_chomp
Detailed Report: https://oss-fuzz.com/testcase?key=5651773898620928 Project: suricata Fuzzing Engine: honggfuzz Fuzz Target: fuzz_applayerparserparse Job Type: honggfuzz_asan_suricata Platform Id: linux Crash Type: Heap-use-after-free READ 1 Crash Address: 0x62a00000b4f9 Crash State: htp_chomp...
pattoninternational.com XSS vulnerability
Open Bug Bounty ID: OBB-683727

| Description | Value |
|---|---|
| Affected Website: | pattoninternational.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | hidden until disclosure |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | ... |

cacec.com.ar XSS vulnerability
Open Bug Bounty ID: OBB-620059

| Description | Value |
|---|---|
| Affected Website: | cacec.com.ar |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |