16 matches found
EUVD-2017-12316
Malware in sbrugna...
Malicious code in test-mlw2-theed-seats-nerds-targe (npm)
The package test-mlw2-theed-seats-nerds-targe was found to contain malicious code...
MAL-2025-36436 Malicious code in test-mlw2-theed-seats-nerds-targe (npm)
The package test-mlw2-theed-seats-nerds-targe was found to contain malicious code...
SourceCodester Online Railway Reservation System SQL Injection Vulnerability (CNVD-2022-53360)
SourceCodester Online Railway Reservation System is a web-based application that provides an online platform for rail or train station passengers or potential passengers to browse their schedules and reserve seats. SourceCodester Online Railway Reservation System v1.0 is vulnerable to a SQL...
SourceCodester Online Railway Reservation System SQL Injection Vulnerability (CNVD-2022-53357)
SourceCodester Online Railway Reservation System is a web-based application that provides an online platform for rail or train station passengers or would-be passengers to view their schedules and reserve seats. Online Railway Reservation System v1.0 contains a SQL injection vulnerability...
Krisp: [api.krisp.ai] Race condition on /v2/seats endpoint allows bypassing the original seat limit
A security researcher has found a race condition on one of our endpoints which was effectively bypassing the maximum seats limit. We would like to thank @alp for reporting it responsibly to our bug bounty program! I found a race condition issue at the /v2/seats endpoint. It allowed bypassing maximum...
Ticket-Booking 1.4 Authentication Bypass
Exploit Title: Ticket-Booking 1.4 - Authentication Bypass Author: Cakes Discovery Date: 2019-09-14 Vendor Homepage: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking Software Link: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking/archive/master.zip Tested Version: 1.4 Tested on OS: CentOS ...
CVE-2017-3190
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks...
Format string
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks...
CVE-2017-3190
CVE-2017-3190 affects Flash Seats Mobile App for Android (1.7.9 and earlier) and iOS (1.9.51 and earlier). Root cause is improper SSL certificate validation during HTTPS connections, enabling potential MITM attacks and exposure of sensitive data. Vendor fixes are available: Android 1.7.10 and iOS...
CVE-2017-3190
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks...
Just a Few Seats Left at the Coalfire Adaptive Pen Testing Training at Black Hat!
Black Hat is just around the corner, and Coalfire is gearing up for the best Adaptive Penetration Testing Training yet! We've adapted the Adaptive Penetration Test Training course with new instructors, enriched content, and new labs to provide the richest training to date. The revised training now...
dannygray.com XSS vulnerability
Vulnerable URL: http://www.dannygray.com/seats/availability.asp?ManufacturerID=1=1"...
Row Seats Core <= 2.66 - Unauthenticated PHP Object Injection
The plugin row-seats insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. This vulnerability was patched in version 2.68, information is being released now as a disclosure period has expired. PoC...
Row Seats Core <= 2.66 - Unauthenticated PHP Object Injection
The plugin row-seats insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. This vulnerability was patched in version 2.68, information is being released now as a disclosure period has expired. Attac...
OpenLDAP 2.2.29 - Remote Denial of Service (Metasploit)
OpenLDAP 2.2.29 - Remote Denial of Service Metasploit vdopenldap.pm The exploit is a part of VulnDisco Pack - use only under the license agreement specified in LICENSE.txt in your VulnDisco distribution VULNDISCO LICENSE Purchaser buys VulnDisco Pack "the Pack" and receives the right to use it...