322 matches found
CVE-2022-30619
Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the...
WordPress plugin Login using WordPress Users 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Login using WordPress Users plugin...
safeMath function being used without importing the safeMath library preventing contract compilation
Lines of code Vulnerability details Impact Contract NotionalTradeModule.sol will not compile due to an error caused by missing import of safeMath and the directive using for. Since safeMath is not imported and no using for directive, the contract would not even compile as it would throw an error ...
SUSE: Security Advisory (SUSE-SU-2022:1920-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-42013 C implementation of the infamous Apache 2.4.50...
eurotherm-sales.com Cross Site Scripting vulnerability OBB-2613414
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mabinogi.fws.tw Cross Site Scripting vulnerability OBB-2505503
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
norara.gameangel.com Cross Site Scripting vulnerability OBB-2504425
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
com.brdev.ethereumpostage.info Cross Site Scripting vulnerability OBB-2468930
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
chantdemonpays.qc.ca Cross Site Scripting vulnerability OBB-2418740
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
overseaspropertylocator.co.uk Cross Site Scripting vulnerability OBB-2311020
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview discordjs-lofy is a malicious package. This package injecting malicious Javascript code into the Discord client. Remediation Avoid using all malicious instances of the discordjs-lofy package...
secure.action.news Cross Site Scripting vulnerability OBB-2282566
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
in star7th/showdoc
Description - CWE: CWE-288:Authentication Bypass Using an Alternate Path or Channel - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L , CVSS Score: 8.3High - Credit:Qianxin, Network Security Department, Product-Safety Team Unc1e In showdoc, there is a SSO process , DOC is shown in...
Git git-lfs Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Git Remote Code Execution via git-lfs CVE-2020-27955', 'Description' = %q A critical vulnerability CVE-2020-27955 in Git Large File Storage Git...
LightMe - HTTP Server Serving Obfuscated Powershell Scripts/Payloads
LightMe is a Simple HTTP Server serving Powershell Scripts/Payloads after Obfuscate them and run obfuscation as a service in backgroud in order to keep obfuscate the payloads which giving almost new obfuscated payload on each HTTP request Main Features Obfuscate all powershell files within a...
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp...
boastMachine vulnerable to cross-site scripting
Overview boastMachine provided by knadh contains a cross-site scripting vulnerability CWE-79. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user's...
SUSE: Security Advisory (SUSE-SU-2016:2449-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2014:0248-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...