5340 matches found
goldsilber.org XSS vulnerability
Open Bug Bounty ID: OBB-680337 Description| Value ---|--- Affected Website:| goldsilber.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
crcpress.com Cross Site Scripting vulnerability OBB-643766
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| crcpress.com ---|--- Open Bug Bounty...
gloucestershiregrenadiers.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-634836 Description| Value ---|--- Affected Website:| gloucestershiregrenadiers.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2011-2750
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/novellfilereporterfiledelete.rb 2025-02-06 03:13:40+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:08:56+00:00...
aeiou.pt Cross Site Scripting vulnerability OBB-611055
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| aeiou.pt ---|--- Open Bug Bounty...
ucis.pitt.edu Improper Access Control vulnerability
Open Bug Bounty ID: OBB-600151 Description| Value ---|--- Affected Website:| ucis.pitt.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
tophanehaber.com XSS vulnerability
Open Bug Bounty ID: OBB-597484 Description| Value ---|--- Affected Website:| tophanehaber.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2018-8754
The libevt_record_values_read_event function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub...
disc-order.com XSS vulnerability
Open Bug Bounty ID: OBB-547179 Description| Value ---|--- Affected Website:| disc-order.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
[SECURITY] [DLA 1115-1] debsecan update
Package : debsecan Version : 0.4.16+nmu1+deb7u1 Debian Bug : 842428 Debsecan in Wheezy in its default configuration currently fails to download recent vulnerability data due to a URL change. For Debian 7 "Wheezy", these problems have been fixed in version 0.4.16+nmu1+deb7u1. We recommend that yo...
SUSE-SU-2017:2518-1 Security update for php5
This update for php5 fixes one issue. This security issue was fixed: - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the...
PHDays VII: To Vulnerability Database and beyond
Last Tuesday and Wednesday, May 23-24, I attended PHDays VII conference in Moscow. I was talking there about vulnerability databases and the evolution process of vulnerability assessment tools, as far as I understand it. But first of all, a few words about the conference itself. I can tell that...
CVE-2017-3571
CVE-2017-3571 affects Oracle PeopleSoft Enterprise SCM eBill Payment (component: Security) version 9.2. A vulnerability allows a high-privilege attacker with network access via HTTP to compromise the SCM eBill Payment component, potentially enabling unauthorized creation, deletion or modification...
Clair - Vulnerability Static Analysis for Containers
Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten...
CVE-2014-8242
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack...
! metasploit exploit module development tutorial! - Vulnerability warning-the black bar safety net
How to write a Metasploit POST-development module! Metasploit currently has about 150 exploit modules. Most of these exploit modules were collected for the Windows, Solaris and Cisco platforms. At the same time, Metasploit can also for these modules on the line...
Progea Movicon < 11.4 Build 1150 Information Disclosure Vulnerability
Binary data 7128.pasl...
NSA's Alexander Appeals For Threat Information Sharing
WASHINGTON– While Congress and the technology community are still debating and discussing the intelligence gathering capabilities of NSA revealed in recent months, the agency’s director, Gen. Keith Alexander, is not just defending the use of these existing tools, but is pitching the idea of shari...
Sensitive Army database of U.S. dams compromised by Chinese Hackers
U.S. intelligence agencies traced a recent cyber intrusion into U.S. Army database that holds sensitive information about vulnerabilities in U.S. dams. The U.S. Army Corps of Engineers National Inventory of Dams contains information about 79,000 dams throughout the country and tracks such...
CVE-2013-1544
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language...