Lucene search
K

50 matches found

Veracode
Veracode
added 2023/11/16 5:56 a.m.21 views

Weak 2FA Code Generation

Fides is vulnerable to Weak Code Generation. The vulnerability is due to the usage of the python random module used for generating one time codes in the Privacy and Consent request process which is considered to be a cryptographically weak pseudo-random number generator. This issue allows an...

9.1CVSS7.4AI score0.00992EPSS
Exploits0References3Affected Software1
Openbugbounty
Openbugbounty
added 2023/09/10 7:29 a.m.7 views

thegeoroom.co.zw Cross Site Scripting vulnerability OBB-3661504

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Code423n4
Code423n4
added 2023/08/28 12:0 a.m.12 views

Using incorrect parameter for checking the reserve

Lines of code Vulnerability details Impact At line 549 within the swap function's code, the internal call to the function checkBalances checks the reserve for token x is carried out using xi + specifiedAmount instead of xi + roundedSpecifiedAmount. When using roundedSpecifiedAmount passes the che...

6.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/08/27 1:19 p.m.10 views

dorothee-vermaaten.de Cross Site Scripting vulnerability OBB-3620826

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/07/11 1:1 p.m.16 views

espi.jp Cross Site Scripting vulnerability OBB-3503482

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/03/08 9:44 a.m.13 views

grannyshagger.co.uk Improper Access Control vulnerability OBB-2415622

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1AI score
Exploits0
OSV
OSV
added 2021/12/08 12:1 a.m.16 views

GHSA-WJQC-J537-J9GJ Command injection in git-it-electron

Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name which is not sanitized for execution...

9.8CVSS9.8AI score0.03468EPSS
Exploits1References5
Prion
Prion
added 2021/12/07 12:15 a.m.14 views

Command injection

Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name which is not sanitized for execution...

7.5CVSS9.8AI score0.03468EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/08/13 4:15 p.m.18 views

Design/Logic Flaw

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email...

5CVSS7.5AI score0.00833EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.59 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : grub2 Multiple Vulnerabilities (NS-SA-2021-0008)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw...

8.2CVSS8AI score0.01588EPSS
Exploits1References9
Hacker One
Hacker One
added 2021/01/20 3:41 p.m.25 views

Kartpay: Full Path Disclosure of Server through 500 Server Error

Hello team, EXPLANATION ============ I found a interesting vulnerability into your site that it unexpected disclosing the server path where the PHP files are being hosted. When application sends account verification links in email then if anyone tries to verify his account with that link at a twi...

0.2AI score
Exploits0
OSV
OSV
added 2020/08/13 3:15 a.m.2 views

CVE-2020-8712

Buffer overflow in a verification process for some IntelR Server Boards, Server Systems and Compute Modules before version 2.45 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.1AI score0.00365EPSS
Exploits0References2
Prion
Prion
added 2020/08/13 3:15 a.m.13 views

Buffer overflow

Buffer overflow in a verification process for some IntelR Server Boards, Server Systems and Compute Modules before version 2.45 may allow an authenticated user to potentially enable escalation of privilege via local access...

4.6CVSS7.9AI score0.00365EPSS
Exploits0References2Affected Software18
ATTACKERKB
ATTACKERKB
added 2020/07/30 12:0 a.m.53 views

CVE-2020-10713 - BootHole

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

9CVSS1.4AI score0.77282EPSS
Exploits3References17
Openbugbounty
Openbugbounty
added 2020/06/10 10:16 a.m.9 views

epczone.co.kr Cross Site Scripting vulnerability OBB-1190941

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Hacker One
Hacker One
added 2020/02/24 8:51 a.m.116 views

Nord Security: Unauthorized User Can Delete Any User Account

DESCRIPTION: Your help desk allows creating tickets by email. Which means the user can send an email to the NordVPN support email to a add a new ticket to his activities. So when you send an email to [email protected] from your email address, this ticket will be created on the account that you...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2019/09/23 8:50 p.m.111 views

Mail.ru: worki.ru: SMS code bruteforce

SMS code verification process in worki.ru was not sufficiently protected against bruteforce attack Common flaws of SMS auth: https://blog.deteact.com/common-flaws-of-sms-auth/...

1.6AI score
Exploits0
Veracode
Veracode
added 2019/07/03 5:12 a.m.19 views

Verification Process Spoofing

django-rest-registration is vulnerable to verification process spoofing. The misuse of django signing API and just relying on static string for signatures leads to easily guessable signatures used for email verification...

9.8CVSS9.2AI score0.01621EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2019/07/02 10:15 p.m.16 views

Design/Logic Flaw

verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...

7.5CVSS9.3AI score0.01621EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/07/02 9:17 p.m.47 views

CVE-2019-13177

verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...

9.4AI score0.01621EPSS
Exploits1References2
Rows per page
Query Builder