11967 matches found
rosaarrais.com.br Open Redirect vulnerability
Open Bug Bounty ID: OBB-1016622 Security Researcher 41PH4 (helped patch 18 vulnerabilities, received 1 Coordinated Disclosure badge), a holder of 1 badge for responsible and coordinated disclosure, found a security vulnerability affecting rosaarrais.com.br website and its users. Following...
visagehall.ru Cross Site Scripting vulnerability
Security Researcher g0bl1nsec (helped patch 3650 vulnerabilities, received 4 Coordinated Disclosure badges, received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting visagehall.ru website and its users. Following coordinate...
wiki.wlug.org.nz Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1013963 Security Researcher geeknik (helped patch 8930 vulnerabilities, received 8 Coordinated Disclosure badges, received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting wiki.wlug.org.nz website a...
Prima Access Control 2.3.35 - Arbitrary File Upload
Exploit Title: Prima Access Control 2.3.35 - Arbitrary File Upload Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 2.3.35 Tested on: NA C...
Fedora 29 : nspr / nss (2019-e4c45e113c)
Updates the nspr and nss packages to upstream NSPR 4.23 and NSS 3.47 respectively. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes Note that Tenab...
CVE-2013-1820
tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service...
Schneider-electric Modicon Improper Handling of Exceptional Conditions
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 firmware version prior to V2.90 and Modicon M340 firmware version prior to V3.10, which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus. File data ot500297.nasl...
Windriver Vxworks Improper Restriction of Operations within the Bounds of a Memory Buffer
Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component issue 3 of 4. This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect to a remote host. File data ot500203.nasl...
Schneider-electric Modicon Improper Handling of Exceptional Conditions
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller...
dutchcocacolacans.nl Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1009181 Security Researcher MohanSathwik (helped patch 4 vulnerabilities, received 0 Coordinated Disclosure badges) found a security vulnerability affecting dutchcocacolacans.nl website and its users. Following coordinated and responsible vulnerability disclosure guidelines...
CVE-2019-17212
Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point packet_data_pptr i...
XNU Missing Locking Race Condition
XNU: missing locking in checkdirs_callback enables race with fchdir_common On macOS, when a new mount point is created, the kernel uses checkdirs to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new...
Fedora 30 : nspr / nss (2019-8934d55352)
Updates the nspr and nss packages to upstream NSPR 4.23 and NSS 3.47 respectively. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes Note that Tenab...
community.advisera.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1007080 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
ClamAV < 0.102.0 - 'bytecode_vm' Code Execution
!/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname',...
Apache Solr 8.2.0 - Remote Code Execution
Title: Apache Solr 8.2.0 - Remote Code Execution Date: 2019-11-01 Author: @l3xwong Vendor: https://lucene.apache.org/solr/ Software Link: https://lucene.apache.org/solr/downloads.html CVE: N/A github: https://github.com/AleWong/Apache-Solr-RCE-via-Velocity-template usage: python3 script.py ip por...
tripair.nl Cross Site Scripting vulnerability
Security Researcher Kenan (helped patch 2171 vulnerabilities, received 6 Coordinated Disclosure badges, received 6 recommendations), a holder of 6 badges for responsible and coordinated disclosure, found a security vulnerability affecting tripair.nl website and its users. Following coordinated and...
CVE-2017-16992
...
CVE-2019-18552
...
CVE-2019-18491
...