Openbugbounty, added 2022/09/28 3:34 a.m., 10 views

carbonstatement.com Cross Site Scripting vulnerability OBB-2960059

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2, Exploits 0
NVD, added 2022/09/26 5:15 a.m., 24 views

CVE-2022-21797

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in the Parallel class due to the eval statement...

CVSS 9.8, EPSS 0.01893, Exploits 1, References 9
Vulnrichment, added 2022/09/26 5:05 a.m., 16 views

CVE-2022-21797 Arbitrary Code Execution

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in the Parallel class due to the eval statement...

CVSS 7.3, AI score 7.1, EPSS 0.01893, Exploits 1, References 9
Cvelist, added 2022/09/26 5:05 a.m., 48 views

CVE-2022-21797 Arbitrary Code Execution

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in the Parallel class due to the eval statement...

CVSS 7.3, AI score 9.7, EPSS 0.01893, Exploits 1, References 9
AlpineLinux, added 2022/09/26 5:05 a.m., 51 views

CVE-2022-21797

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in the Parallel class due to the eval statement...

CVSS 9.8, AI score 8.5, EPSS 0.01893, Exploits 1
UbuntuCve, added 2022/09/26 12:00 a.m., 39 views

CVE-2022-21797

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in the Parallel class due to the eval statement...

CVSS 9.8, AI score 6.8, EPSS 0.01893, Exploits 1, References 5
Code423n4, added 2022/09/23 12:00 a.m., 6 views

A malicious Admin can call the function withdrawAdmin() numerous times and cause a Denial of Service.

Lines of code Vulnerability details Impact This issue can result in Denial of Service and potentially lock all the users' activeClaim in the contract. Proof of Concept The function withdrawAdmin is used by the Admin to withdraw unallocated tokens. "uint256 amountRemaining" allows the admin to...

AI score 6.7, Exploits 0
Prion, added 2022/09/13 9:15 p.m., 20 views

Design/Logic Flaw

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823...

CVSS 4, AI score 6.6, EPSS 0.01012, Exploits 0, References 3, Affected Software 1
Positive Technologies, added 2022/08/29 12:00 a.m., 3 views

PT-2022-15562 · WordPress · Wpide

Name of the Vulnerable Software and Affected Versions: WPIDE WordPress plugin versions prior to 3.0 Description: The issue arises from the lack of sanitization and validation of the filename parameter before it is used in a require statement within the admin dashboard, leading to a Local File...

CVSS 7.2, AI score 6.8, EPSS 0.0108, Exploits 1, References 5
Opera Security Advisories, added 2022/08/29 12:00 a.m., 6 views

Opera Privacy Statement Update 2022

Opera Privacy Statement Update 2022, August 29th, 2022. Opera, a browser company based out of Oslo, Norway, cares deeply about user security and data protection. With that in mind, we actively work on improving our internal practices and communications with you, our users. We are maki...

CVSS 8.8, AI score 7.1, EPSS 0.05492, Exploits 4, References 1
Elastic, added 2022/08/24 3:07 p.m., 6 views

Elastic Stack 8.4.0, 7.17.6 Security Statement

Elastic Statement for Oracle July Critical Patch Update CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-25647, CVE-2022-34169 Summary: Oracle released their July Critical Patch Update for Java SE which contains 5 CVEs. Elastic has analyzed the flaws described by these CVEs and the...

CVSS 7.7, AI score 8.4, EPSS 0.17342, Exploits 2
Cvelist, added 2022/08/22 2:41 p.m., 28 views

CVE-2022-34770 Tabit - sensitive information disclosure

Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoD...

CVSS 4.6, AI score 7.5, EPSS 0.0037, Exploits 0, References 1
CVE, added 2022/08/22 2:41 p.m., 332 views

CVE-2022-34770

CVE-2022-34770 concerns Tabit exposure of sensitive information via multiple web APIs that reveal health statements, bills, alcohol consumption, and smoking habits without proper authorization. Affected components include endpoints that expose MongoDB IDs in their URLs and rely on tiny URLs like ...

CVSS 7.5, AI score 5.7, EPSS 0.0037, Exploits 0, References 1, Affected Software 1
Prion, added 2022/08/12 9:15 p.m., 22 views

SQL injection

This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records in a single database hit, using a CASE SQL statement for it. Before version 0.1.3 the updatebycase gem used custom SQL strings that were not sanitized, making it vulnerable to SQL injection. Upgrad...

CVSS 7.5, AI score 9.6, EPSS 0.00524, Exploits 0, References 2, Affected Software 1
Cvelist, added 2022/08/06 5:21 p.m., 24 views

CVE-2022-2693 SourceCodester Electronic Medical Records System UPDATE Statement register.php sql injection

A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The...

CVSS 6.3, AI score 9.2, EPSS 0.00613, Exploits 1, References 2
CNNVD, added 2022/08/06 12:00 a.m., 3 views

Electronic Medical Records System SQL Injection Vulnerability

Electronic Medical Records System is an electronic medical records system. SourceCodester Electronic Medical Records System suffers from a SQL injection vulnerability that stems from an unknown portion of the UPDATE Statement parameter handling code in its Register.php component where manipulatio...

CVSS 8.8, AI score 8, EPSS 0.00613, Exploits 1, References 3
CNVD, added 2022/08/04 12:00 a.m., 16 views

Pharmacy Management System invoiceprint.php SQL Injection Vulnerability

Pharmacy Management System MPMS is a multilingual pharmacy management system from the personal developer Mayuri K. A SQL injection vulnerability exists in Pharmacy Management System v1.0, which stems from a lack of validation of the id parameter in invoiceprint.php against external input SQL...

CVSS 9.8, AI score 2.8, EPSS 0.00789, Exploits 1, References 1
ATTACKERKB, added 2022/08/03 2:15 a.m., 1 view

CVE-2022-34967

The assertion stmt-Dbc-FirstStmt' failed in MonetDB Database Server v11.43.13...

CVSS 7.5, AI score 5.9, EPSS 0.00776, Exploits 1, References 2
Code423n4, added 2022/08/03 12:00 a.m., 11 views

Use safetransfer/safetransferFrom consistently instead of transfer/transferFrom

Lines of code Vulnerability details Impact It is good practice to add a require statement that checks the return value of a token transfer, or to use safetransfer or safetransferFrom from OpenZeppelin, to ensure the token reverts when a transfer fails. Failure to do so will cause silent failures of transfer and affec...

AI score 6.8, Exploits 0
RedHat Linux, added 2022/08/02 10:09 a.m., 1 view

mariadb: crash when using HAVING with NOT EXIST predicate in an equality

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/itemsubselect.cc, affecting availability...

CVSS 7.5, AI score 7.3, EPSS 0.01415, Exploits 1, References 4