11 matches found
MAL-2022-175 Malicious code in @cobalt-team/support-email (npm)
Source: ghsa-malware 4415fff565dfcd73b3d7b833cb710c1c434e9b840697cb99f753d7b69258c01a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
All Vulnerabilities for ssjj.suining.gov.cn Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: ssjj.suining.gov.cn Open Bug...
Server-Side Template Injection
Impact: A Server-Side Template Injection was identified in BrowserUp Proxy, enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. This has been assigned CVE-2020-26282. Patches: Effective immediately, all users should upgrade ...
Mail.ru: Disclosure of personal support email addresses on 'support-fleet.city-mobil.ru'
An IDOR vulnerability in support-fleet.city-mobil.ru allowed disclosure of the support staff e-mail addresses...
Trustpilot: IDOR in sending support email upon Verifying user business domain
Summary: Trustpilot Business is making sure that you own the domain you have registered before continuing the process, so they set 5 choices on how to verify. But there's another one, which is through sending a support ticket. By this you can send a message to support and hope they help you out. Ther...
WordPress plugin "WP Booking System" vulnerable to cross-site scripting
Overview: The WordPress plugin "WP Booking System" provided by WP Booking System contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Takagi of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA...
HOMEPINA File Disclosure / Directory Traversal
HOMEPIMA Design. Exploit database separated by exploit type (local, remote, DoS, etc.). Site: 1337day.com. Support e-mail: submitat1337day.com. I'm KnocKout member from Inj3ct0r Team. My...
Tumblr security flaw, Clarification by Tumblr official staff !
Following yesterday's post about the Tumblr security flaw (server IPs, API keys, passwords, etc. were leaked), Tumblr official staff have finally given a statement to all their users, as below: A human error caused some sensitive server configuratio...
BPJewelry Store SQL Injection
BPJewelry Store SQL-i Vulnerability ...
Onion CMS (XSS/RFI/URL Redirecting) Multiple Vulnerability
Exploit for php platform in category web applications. Onion CMS XSS/RFI/URL Redirecting Multiple Vulnerability...
FusionForge 5.0 Multiple Remote File Include Vulnerability
Exploit for php platform in category web applications. FusionForge 5.0 Multiple Remote File Include Vulnerability...