kuwaitpr.com Cross Site Scripting vulnerability OBB-3413434
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Code injection
TGstation is a toolset to manage production BYOND servers. In affected versions, if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct respon...
SA-2023-06-06-CVE-2023-28324
SECURITY ADVISORY 06-06-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for Ivanti Endpoint Manager for all versions of 2022 SU2 and below. Please patch to the latest version of EPM 2022. If you are using 2021.1, please patch to SU4 and apply the hotfix as...
Play ransomware gang compromises Spanish bank, threatens to leak files
Ransomware is creating additional work for a major Spanish bank. Globalcaja, said to have more than 300 offices in Spain and close to half a million customers, has fallen victim to the Play ransomware gang. The gang claim to have swiped both private and personal information in the attack--includi...
DEBIAN-CVE-2023-32685
Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the contentEditable element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document...
CVE-2023-1668 affecting package openvswitch for versions less than 2.17.5-2
CVE-2023-1668 affecting package openvswitch for versions less than 2.17.5-2. A patched version of the package is available...
Rheinmetall attacked by BlackBasta ransomware
On Friday May 19, 2023, the German arms producer Rheinmetall acknowledged a cyber-incident at one of its subsidiaries in the private sector. The BlackBasta ransomware group has already claimed responsibility for the attack through its leak-site. Entry for Rheinmetall on BlackBasta leak site...
Employee guilty of joining ransomware attack on his own company
A 28-year-old IT Security Analyst pleaded guilty and will consequently be convicted of blackmail and unauthorized access to a computer with intent to commit other offences. It all started when the UK gene and cell therapy company Oxford BioMedica fell victim to a cybersecurity incident which...
[Important] [Security] Virtuozzo ReadyKernel Patch 156.4 for Virtuozzo Hybrid Server 7.5
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5. Vulnerability id: CVE-2022-24448 3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4 Handle case where the lookup of a directory but the file...
WordPress Unite Gallery Lite Plugin <= 1.7.59 is vulnerable to Local File Inclusion
Software: Unite Gallery Lite. Type: Plugin. Vulnerable versions: <= 1.7.59. Fixed in: 1.7.60. OWASP Top 10: A1: Injection. Classification: Local File Inclusion. CVE: CVE-2023-33310. Patch priority: Low. CVSS severity: Low 6. Developer: Claim ownership. PSID: 48cbd93fa977. Credits: yuyudhn. Required privilege: Administrato...
nagoya-itkaikei.ac.jp Cross Site Scripting vulnerability OBB-3351462
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
zoewebs.com Cross Site Scripting vulnerability OBB-3349252
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-23581 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.4 Description: The XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4, it is possible to exploit well-known parameters i...
Oracle Linux 9 : xorg-x11-server-Xwayland (ELSA-2023-2249)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2249 advisory. - Fix CVE-2023-0494 2166974 - Follow-up fix for CVE-2022-46340 2151778 - CVE fix for: CVE-2022-4283 2151803, CVE-2022-46340 2151778, CVE-2022-46341...
typelane.com Cross Site Scripting vulnerability OBB-3335515
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
localsolidaritydays.eu Cross Site Scripting vulnerability OBB-3322232
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aecomviz.com Cross Site Scripting vulnerability OBB-3322052
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-31137 MaraDNS Integer Underflow Vulnerability in DNS Packet Decompression
MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination...
CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...
waltson.be Cross Site Scripting vulnerability OBB-3312246
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...