epizza.shop Cross Site Scripting vulnerability OBB-2654870

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Apache Shiro < 1.5.2 Authentication Bypass

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

Apache Shiro < 1.5.3 Authentication Bypass

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

Apache Shiro < 1.4.2 Padding Attack

Apache Shiro before 1.4.2, when using the default 'remember me' configuration, cookies could be susceptible to a padding attack. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc. include'compat.inc'; if...

Apache Shiro < 1.8.0 Authentication Bypass

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

Apache Shiro < 1.7.0 Authentication Bypass

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc. include'compat.inc'; i...

Labtainers - A Docker-based Cyber Lab Framework

Labtainers include more than 50 cyber lab exercises and tools to build your own. Import a single VM appliance or install on a Linux system and your students are done with provisioning and administrative setup, for these and future lab exercises. Consistent lab execution environments and automated...

tamililquran.com Cross Site Scripting vulnerability OBB-2622001

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

tawfiqcars.be Cross Site Scripting vulnerability OBB-2620307

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

NewStart CGSL CORE 5.05 / MAIN 5.05 : xstream Vulnerability (NS-SA-2022-0045)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has xstream packages installed that are affected by a vulnerability: - XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has...

NewStart CGSL CORE 5.05 / MAIN 5.05 : xstream Multiple Vulnerabilities (NS-SA-2022-0033)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has xstream packages installed that are affected by multiple vulnerabilities: - XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a...

NewStart CGSL CORE 5.04 / MAIN 5.04 : xstream Vulnerability (NS-SA-2022-0007)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xstream packages installed that are affected by a vulnerability: - XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has...

crhf.net Cross Site Scripting vulnerability OBB-2562182

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

The paradigm shift of PCI SSF: what executive leaders need to know now

As a security leader who lives and breathes security controls, protocols, and compliance standards, youre probably aware of the upcoming Payment Card Industry PCI Software Security Framework SSF transition thats been coming for some time. In fact, I posted a blog about the phase-out of the...

laclusaz.com Cross Site Scripting vulnerability OBB-2382427

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

16 Best DDOS Attack Tools in 2022

What are DDOS attack tools? DDOS attacks are cyber- attacks targeted at rendering certain computers, network systems and servers non-functional. The processes involved in its execution can be however complicated. Attackers have to carry out a long series of actions that involve social engineering...

mytex.ro Cross Site Scripting vulnerability OBB-2319025

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

XStream: SSRF via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

XStream: arbitrary file deletion on the local host when unmarshalling

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...