14 matches found
CVE-2025-15480
In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...
EUVD-2022-41373
Malicious code in bioql PyPI...
CVE-2025-9444 1000projects Online Project Report Submission and Evaluation System delete_group_student.php sql injection
A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/deletegroupstudent.php. The manipulation of the argument batchid leads to sql injection. The attack can be initiated...
PT-2025-34728 · Unknown · 1000Projects Online Project Report Submission/Evaluation System
Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A security flaw exists in 1000projects Online Project Report Submission and Evaluation System version 1.0. The manipulation of the address argument i...
HackerOne: Reports submitted by a non 2fa setupped user account can be transferred to a 2fa require submission program
Vulnerability description not provided...
HackerOne: Ability to bulk submit reports via query named based batching
A vulnerability was discovered in the GraphQL API of the HackerOne platform. The vulnerability allowed an attacker to bulk submit reports via query-based batching, bypassing the intended limit of 500 reports. This was achieved by leveraging a Python script to generate a large number of reports in...
HackerOne: Bypass report submit restriction/ban using the API key
A vulnerability was discovered that allowed banned researchers to submit reports through API keys, bypassing reporting restrictions. By creating an API key after an account was banned from submitting reports, a researcher could still submit reports to programs without restrictions, potentially...
CVE-2022-38813
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report...
Design/Logic Flaw
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report...
PHPGurukul Blood Donor Management System 安全漏洞
PHPGurukul Blood Donor Management System is a blood donor management system from the US company PHPGurukul. A security vulnerability exists in version 1.0 of the PHPGurukul Blood Donor Management System that stems from not properly restricting access to admin/dashboard.php, which can be exploited...
h1-ctf: [H1-2006 2020] ^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$
Still working on the report figured I should turn it in though :D Impact hugeee...
Zendesk: Leaked artifactory_api_key via GitHub.
It was reported to Zendesk that a valid API key to an instance of Artifactory was unintentionally leaked via a public GitHub repository. We immediately rotated the key and investigated to ensure it was not utilized by any other party. We want to thank @rubyroobs for providing a detailed report...
HackerOne: CSV Injection via the CSV export feature
Hi , I have managed to bypass your fix for 72785 by submitting a report with NewLine character 0x0a in the title before the CSV formula. Steps to reproduce: 1. As a researcher , Submit a report to a program with the title %0A-2+3+cmd|' /C calc'!D2 , here is an example request: POST...
Puppet Multiple Vulnerabilities (2013/03/12)
According to its self-reported version number, the version of Puppet Open Source or Puppet Enterprise running on the remote host has the following vulnerabilities : - A vulnerability that allows an authenticated client to execute arbitrary code on a puppet master. CVE-2013-1640 - A vulnerability...