293 matches found
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Thomas Belser Asgaros Forum plugin = 2.2.0 versions...
CVE-2022-41608 WordPress Asgaros Forum Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Thomas Belser Asgaros Forum plugin = 2.2.0 versions...
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.25 is vulnerable to Cross Site Scripting (XSS)
Software ShiftController Employee Shift Scheduling Type Plugin Vulnerable versions = 4.9.25 Fixed in 4.9.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1978 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID dde7717ec078...
Korenix Jetwave
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Korenix Equipment: Jetwave Vulnerabilities: Command Injection, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full...
QATzip for Intel® QAT Advisory
Summary: A potential security vulnerability in the QATzip software maintained by Intel® for Intel® QuickAssist Technology QAT may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-36369 Description:...
thedirectory-thomas-s.co.uk Cross Site Scripting vulnerability OBB-3107375
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress core <= 6.0.2 - Content From Multipart Emails Leak vulnerability
Content From Multipart Emails Leak vulnerability when HTML/plaintext used discovered by Thomas Kräftner in WordPress core versions = 6.0.2. Solution Update the WordPress WordPress wordpress to the latest available version at least 6.0.3...
LIEF Denial of Service Vulnerability
LIEF is a cross-platform library from the personal developer Romain Thomas. Used for parsing, modifying and abstracting Elf, Pe and MachO formats, a denial of service vulnerability exists in LIEF v0.12.1, which stems from a failure to properly handle incoming error messages in the initandparse...
LIEF 代码问题漏洞
LIEF is a cross-platform library from the individual developer Romain Thomas. It is used to parse, modify and abstract Elf, Pe and MachO formats. LIEF suffers from a code issue vulnerability that stems from a segmentation violation found in the LIEF::MachO::SegmentCommand::fileoffset function in...
OctoBot WebInterface 0.4.3 - Remote Code Execution Exploit
Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution RCE Exploit Author: Samy Younsi, Thomas Knudsen Vendor Homepage: https://www.octobot.online/ Software Link: https://github.com/Drakkar-Software/OctoBot Version: 0.4.0beta3 - 0.4.3 Tested on: Linux Ubuntu, CentOs CVE : CVE-2021-3671...
thomas-luebow.de Cross Site Scripting vulnerability OBB-2718463
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
bignum 安全漏洞
bignum is an arbitrary precision integral algorithm for Node.js using OpenSSL by Stefan Thomas, a personal developer. A security vulnerability exists in bignum that stems from vulnerability to denial of service DoS attacks...
How a senior product manager is leading the passwordless movement at Microsoft
May 5, 2022, is World Password Day, a day we all use to create awareness around password security. At Microsoft, we choose to celebrate replacing passwords with better and more secure ways to sign in. I can’t think of a better person at Microsoft to represent this journey than Libby Brown, a seni...
glennthomas.us Cross Site Scripting vulnerability OBB-2548122
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
USN-5322-1 subversion vulnerability
Thomas Akesson discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 99 to the stable channel for Windows, Mac and Linux.This will roll out over the coming days/weeks. Chrome 99.0.4844.51 for Windows,Mac and Linux contains a number of fixes and improvements -- a list of changes is available in the lo...
Rubeus - C# Toolset For Raw Kerberos Interaction And Abuses
Rubeus is a C toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project CC BY-NC-SA 4.0 license and Vincent LE TOUX's MakeMeEnterpriseAdmin project GPL v3.0 license. Full credit goes to Benjamin and Vincent for working out the hard components of...
Fixed in Apache Tomcat 10.0.4
Note: The issue below was fixed in Apache Tomcat 10.0.3 but the release vote for the 10.0.3 release candidate did not pass. Therefore, although users must download 10.0.4 to obtain a version that includes a fix for these issues, version 10.0.3 is not included in the list of affected versions...
Cody Thomas Mythic Cross-Site Scripting Vulnerability
Cody Thomas Mythic is a Python-based platform used by Cody Thomas Individual Developer to provide solutions to Opsec issues. Cody Thomas Mythic 1.4 suffers from a cross-site scripting vulnerability that allows an attacker to steal remote administrative user sessions or add new users to the admin...
thomas-guichard.fr Cross Site Scripting vulnerability OBB-1460724
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...