5 matches found
CVE-2023-28829
A vulnerability has been identified in SIMATIC NET PC Software V14 All versions, SIMATIC NET PC Software V15 All versions, SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions, SIMATIC WinCC All versions V8.0, SINAUT Software ST7sc All versions. Before...
A vulnerability in the “Allow Subdomains” configuration of the OAuth2 authentication platform allows a hacker to bypass security restrictions and redirect users to an arbitrary URL.
The vulnerability in the “Allow Subdomains” configuration of the OAuth2 authentication platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and redirect users to an arbitrary URL...
CVE-2010-4533
CVE-2010-4533 affects offlineimap prior to version 6.3.4, where SSL certificate validation was added but SSLv2 is still enabled. This keeps SSLv2’s known weaknesses and yields high CVSS metrics (Confidentiality/Integrity/Availability partial in CVSS2; Critical in CVSS3.1). The connected documents...
Improper access control
A deficiency in the access control in module express-cart =1.1.5 allows unprivileged users to add new users to the application as administrators...
WebSummit: Reflective XSS
It appears the fix for https://hackerone.com/reports/166699 did not stick. URL https://websummit.net/attendees/featured-attendees?q=rubyoob%27%3E%3Ciframe/onload=alertdocument.domain%3E%3C/iframe%3E URL Parameters q=rubyoob%27%3E%3Ciframe/onload=alertdocument.domain%3E%3C/iframe%3E Request Header...