25 matches found
placestoseeintennessee.com Improper Access Control vulnerability OBB-3807106
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Tennessee Valley Authority: Incorrect Authorization leads to see other users Documents Uploaded
Vulnerability description not provided...
Tennessee Valley Authority: internal path disclosure via register error
Vulnerability description not provided...
Tennessee Valley Authority: access to profile & reset password page without authentication
Vulnerability description not provided...
Tennessee Valley Authority: File listing through scripts folder
Files were publicly accessible through a SharePoint site, allowing attackers to potentially enumerate sensitive information...
Tennessee Valley Authority: Admin.MyTVA.com Customer lookup and internal notes bypass
The admin.mytva.com site had a vulnerability that allowed an attacker to bypass the login and access admin-only endpoints. This could lead to unauthorized access to customer information and the ability to add internal notes...
Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws
It's been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means it's up to the states to enforce the laws...
tennesseecorps.com Cross Site Scripting vulnerability OBB-3205335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
everywhere.tennessee.edu Cross Site Scripting vulnerability OBB-2681004
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nashvilletennesseedancers.ch Cross Site Scripting vulnerability OBB-2565379
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Tennessee Valley Authority: xss reflected - pqm.tva.com
An XSS vulnerability was discovered on pqm.tva.com. This vulnerability allowed an attacker to inject malicious code into the website, potentially leading to various attacks such as stealing user information or redirecting users to malicious websites...
Tennessee Valley Authority: xss reflected - pq.tva.com
An XSS vulnerability was discovered on pq.tva.com, allowing an attacker to inject malicious code into the website. This could potentially lead to various attacks, such as stealing user cookies or redirecting users to fake websites...
secure.tennesseetrustee.org Cross Site Scripting vulnerability OBB-2120085
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Tennessee Valley Authority: Rate limit missing sign-in page
Vulnerability description not provided...
Serial Swatter Who Caused Death Gets Five Years in Prison
An 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today. 60-year-old Mark Herring died of a heart attack after police surrounded his home in response to a swatti...
Tennessee Valley Authority: SQL Injection on https://soa-accp.glbx.tva.gov/ via "/api/" path - VI-21-015
Summary: I've found this subdomain soa-accp.glbx.tva.gov also is vulnerable to SQLI through /api/ path. Steps To Reproduce: https://soa-accp.glbx.tva.gov/api/river/observed-data/GVDA1'+%2f!50000union%2f+SELECT+HOSTNAME--+- hostname dumped...
tennessee.farmvisit.com XSS vulnerability
Open Bug Bounty ID: OBB-653456

Description | Value
---|---
Affected Website: | tennessee.farmvisit.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
CVE-2017-9575
The CVE-2017-9575 issue affects the iOS app FVB Mobile Banking (First Volunteer Bank of Tennessee) version 3.1.1 (fvb-mobile-banking/id551018004). The underlying vulnerability is failure to verify X.509 certificates from SSL servers, enabling MITM attackers to spoof servers and access sensitive d...
extension.tennessee.edu XSS vulnerability
Vulnerable URL: https://extension.tennessee.edu/search/pages/results.aspx?k=test=%27-confirmOPENBUGBOUNTY-%27
Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculate...
chattanoogachristianchargers-tn.e-ppe.com XSS vulnerability
Vulnerable URL: https://chattanoogachristianchargers-tn.e-ppe.com/secure/session/registration.jspa?email=%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E
Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown ...