PT-2023-20749 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns an unauthenticated SQL injection in the GetExcursionDetails method. This allows unauthenticated attackers to extract or modify all data. Recommendations: For...
PT-2023-8180 · Abo.Cms · Abo.Cms
Name of the Vulnerable Software and Affected Versions: ABO.CMS version 5.9.3 Description: The issue is related to a SQL Injection vulnerability in the Documents module of ABO.CMS, which allows remote attackers to execute arbitrary code via the d parameter. This vulnerability is due to the lack of...
Fides JavaScript Injection Vulnerability in Privacy Center URL
Impact The Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL and this input was found to no...
PT-2023-28987 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.22.5; GeoServer versions prior to 2.23.2; GeoServer version 2.20.5; GeoServer version 2.21.0. Description: The OGC Web Processing Service (WPS) specification in GeoServer allows processing of information from any serve...
PT-2023-29558 · Netis · Netis N3Mv2
Name of the Vulnerable Software and Affected Versions: Netis N3Mv2 version 1.0.1.865 Description: A command injection issue was discovered via the ntpServIP parameter in the Time Settings. This allows for potential exploitation. Recommendations: For Netis N3Mv2 version 1.0.1.865, consider...
tpoi.info Cross Site Scripting vulnerability OBB-3741520
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE-SU-2023:4041-1 Security update for php-composer2
This update for php-composer2 fixes the following issues: - CVE-2023-43655: Fixed a remote code execution issue that could be triggered if users published a web-accessible composer.phar file (bsc#1215859)...
gapfa.org Cross Site Scripting vulnerability OBB-3736551
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-25364 · No Magic · Teamwork Cloud
Name of the Vulnerable Software and Affected Versions: Teamwork Cloud versions No Magic Release 2021x through No Magic Release 2022x Description: A Cross-Site Request Forgery (CSRF) vulnerability could allow an attacker to send a specifically crafted query to the server under certain conditions...
SA-2023-08-08-CVE-2023-35083
SECURITY ADVISORY 08-08-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU3 and all previous versions. We have a Hotfix available to remediate this vulnerability that can be found by going to CVE-2023-35083 Full details. Please log into the...
PT-2023-24025 · Nxlog · Nxlog Manager
Name of the Vulnerable Software and Affected Versions: NXLog Manager version 5.6.5633 Description: A Cross-Site Request Forgery (CSRF) issue allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. This is due to the lack o...
thebasementcanberra.com.au Cross Site Scripting vulnerability OBB-3704338
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
gucce.com.au Cross Site Scripting vulnerability OBB-3701284
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
c-mirai.org Cross Site Scripting vulnerability OBB-3689851
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aristocratflower.ru Cross Site Scripting vulnerability OBB-3683716
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
winkelled.com Cross Site Scripting vulnerability OBB-3678078
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The main causes of ransomware reinfection
A few months ago, we wrote about a ransomware reinfection incident. Ransomware reinfection arguably could be even worse than being a first-time victim. Unfortunately, it happens more often than you may think. Research shows that in 2022, more than a third (38%) of surveyed organizations fell victim ...
PT-2023-26657 · Decode · Openstamanager
Name of the Vulnerable Software and Affected Versions: DevCode OpenSTAManager versions 2.4.24 through 2.4.47 Description: A reflected cross-site scripting (XSS) vulnerability may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload...
knitterchat.com Cross Site Scripting vulnerability OBB-3627592
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-26615 · Netis Systems · Netis Systems Wf2409E
Name of the Vulnerable Software and Affected Versions: NETIS SYSTEMS WF2409E version 3.6.42541 Description: An issue in the diagnostic tools component of the admin management interface allows a remote attacker to execute arbitrary code via the ping and traceroute functions. Recommendations: For...