11967 matches found
impressionsstudio.com Cross Site Scripting vulnerability OBB-2439520
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GSD-2022-1000882 xhci: Prevent futile URB re-submissions due to incorrect return value.
xhci: Prevent futile URB re-submissions due to incorrect return value. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.182 by commit...
Icinga Web 2 Detection Consolidation
Consolidation of Icinga Web 2 detections. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if description...
WordPress MOLIE plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation in PHP. A WordPress plugin is an application plugin for WordPress. WordPress MOLIE plugin 0.5 and earlier versions have a SQL injection vulnerability, which stems from the failure of MOLIE to validate and escape SQL...
Ransomware: February 2022 review
The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this February 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. BlackByte...
chantdemonpays.qc.ca Cross Site Scripting vulnerability OBB-2418740
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nfe.domcavati.mg.gov.br Cross Site Scripting vulnerability OBB-2418341
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Siemens Mendix Runtime Access Control Improper Vulnerability
Mendix is an application platform that enables mobile and web applications to be built and continuously improved at scale. A security vulnerability exists in Siemens Mendix Runtime that could be exploited by attackers to dump and manipulate sensitive data...
Updating the hub’s token contract address may lead to incorrect undelegation amount
Lines of code. Vulnerability details: Updating the hub’s token contract address may lead to incorrect undelegation amounts. Impact: The hub contract allows config updates to the tokencontract config values in anchor-bAsset-contracts/contracts/anchorbassethub/src/config.rs. Such updates can cause wrong...
Simple Mobile Comparison Website SQL Injection Vulnerability
Simple Mobile Comparison Website is a mobile comparison website by the individual developer Carlo Montero. Simple Mobile Comparison Website is vulnerable to SQL injection, and no details of the vulnerability are available...
TikTok: View thumbnail of any private video (friends or followers only) of Private/Public account
Vulnerability description not provided...
Bank Mellat <= 1.3.7 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=bank-mellat&orderId="...
GSD-2022-1000575 drm/nouveau: fix off by one in BIOS boundary checking
drm/nouveau: fix off by one in BIOS boundary checking This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.22 by commit...
[SECURITY] Fedora 35 Update: libxml2-2.9.13-1.fc35
This library allows XML files to be manipulated. It includes support to read, modify and write XML and HTML files. It supports DTDs, including parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
Exploit for Forced Browsing in Ametys
CVE-2022-26159-Ametys-Autocompletion-XML A python exploi...
Cab Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Cab Management System 1.0 - Remote Code Execution (RCE) (Authenticated) Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: Windows 10 XAMPP | Kali...
Design/Logic Flaw
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result cou...
Hackers are using Microsoft Teams chat to spread malware
By Waqas. So far, researchers have identified thousands of these attacks involving abuse of the Microsoft Teams chat feature. As… This is a post from HackRead.com. Read the original post: Hackers are using Microsoft Teams chat to spread malware...
GHSA-38W8-H222-WRPP Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra
Chef Sinatra Plugin 1.20 and earlier does not perform a permission check in a method implementing form validation. As the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks, attackers can have Jenkins parse a crafted XML response that uses external entities for...
CVE-2021-20014
...