731 matches found
crhf.net Cross Site Scripting vulnerability OBB-2562182
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The paradigm shift of PCI SSF: what executive leaders need to know now
As a security leader who lives and breathes security controls, protocols, and compliance standards, youre probably aware of the upcoming Payment Card Industry PCI Software Security Framework SSF transition thats been coming for some time. In fact, I posted a blog about the phase-out of the...
laclusaz.com Cross Site Scripting vulnerability OBB-2382427
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
16 Best DDOS Attack Tools in 2022
What are DDOS attack tools? DDOS attacks are cyber- attacks targeted at rendering certain computers, network systems and servers non-functional. The processes involved in its execution can be however complicated. Attackers have to carry out a long series of actions that involve social engineering...
mytex.ro Cross Site Scripting vulnerability OBB-2319025
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
XStream: arbitrary file deletion on the local host when unmarshalling
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...
XStream: SSRF via crafted input stream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...
Amazon Linux 2 : xstream (ALAS-2021-1729)
The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1729 advisory. A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote...
XStream: SSRF via crafted input stream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
XStream: ReDoS vulnerability
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...
XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...
hellosushi.co Cross Site Scripting vulnerability OBB-2286932
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
XStream: arbitrary file deletion on the local host when unmarshalling
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...
XStream: SSRF via crafted input stream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
XStream: ReDoS vulnerability
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...
xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...
NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures
CISA has announced the joint National Security Agency NSA and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources examines threats to 5G container-centric or hybrid container/virtual network, also known ...
Debian DSA-5004-1 : libxstream-java - security update
The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5004 advisory. Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again. These vulnerabilities may allow...
Vimana - An Experimental Security Framework That Aims To Provide Resources For Auditing Python Web Applications
Vimana is a modular security framework designed to audit Python web applications. The base of the Vimana is composed of crawlers focused on frameworks in addition to the generic ones for web, trackers, discovery, fuzzer, parser among other types of modules. The main idea, from where the framework...