11967 matches found
CVE-2020-15867
Gogs 0.5.5–0.12.2 is vulnerable to authenticated remote code execution via the git hooks feature. The root cause is that privileged users can create git hooks (post-receive) and trigger code execution; non-admin users require explicit permission. The issue is exploitable through the web interface...
uspdigital.usp.br Cross Site Scripting vulnerability OBB-1405195
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Cisco ASA / FTD 9.6.4.42 Path Traversal
Exploit Title: Cisco ASA and FTD 9.6.4.42 - Path Traversal Date: 2020-10-10 Exploit Author: 3ndG4me Vendor: www.cisco.com Product: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html CVE : CVE-2020-3452 TARGET=$1 CISCOKNOWNFILES="logo.gif httpauth.html userdialog.htm...
Kentico CMS 10.x < 10.0.50 / 11.x < 11.0.3 Multiple Vulnerabilities
According to its self-reported version number, the version of Kentico CMS on the remote host is 10.x prior to 10.0.50 or 11.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied inp...
vaho.es Improper Access Control vulnerability OBB-1381359
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
mybroadband.co.za Improper Access Control vulnerability OBB-1380074
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
fenone.discount-sale.site Cross Site Scripting vulnerability OBB-1364855
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
arrow:parquet-arrow-fuzz: Global-buffer-overflow in WriteRingBuffer
Project: https://github.com/apache/arrow.git Detailed Report: https://oss-fuzz.com/testcase?key=5737307070791680 Project: arrow Fuzzing Engine: afl Fuzz Target: parquet-arrow-fuzz Job Type: aflasanarrow Platform Id: linux Crash Type: Global-buffer-overflow WRITE Crash Address: 0x000002cac164 Cras...
Input validation
Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input...
Unescaped message used in HTML within LogEventsList
More info at https://phabricator.wikimedia.org/T256171...
SOCKS Proxy Server
This module provides a SOCKS proxy server that uses the builtin Metasploit routing to relay connections. Module Options msf use auxiliary/server/socksproxy msf auxiliarysocksproxy show actions ...actions... msf auxiliarysocksproxy set ACTION msf auxiliarysocksproxy show options ...show and set...
promoturviaggi.it Cross Site Scripting vulnerability OBB-1346522
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
digilib.umg.ac.id Cross Site Scripting vulnerability OBB-1344011
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
ratnaling.secure.retreat.guru Cross Site Scripting vulnerability OBB-1341317
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
OSV-2020-1777 Heap-buffer-overflow in exif_process_IFD_in_MAKERNOTE
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19044 Crash type: Heap-buffer-overflow READ 9 Crash state: exif_process_IFD_in_MAKERNOTE exif_process_IFD_TAG exif_process_IFD_in_TIFF...
jobportale-marburg.de Cross Site Scripting vulnerability OBB-1338254
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Denial of service
A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service...
google.de.search.frag-den-doc.de Cross Site Scripting vulnerability OBB-1334506
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
bkkexklusiv.portal-gesundheitonline.de Cross Site Scripting vulnerability OBB-1328753
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
barcelonashoppingcity.com Improper Access Control vulnerability OBB-1327963
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...