EUVD-2022-44132

Malicious code in bioql PyPI...

CVE-2020-0752

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0735...

lacunza.es Cross Site Scripting vulnerability OBB-4042272

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2022-49247 media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED

In the Linux kernel, the following vulnerability has been resolved: media: stk1160: If start stream fails, return buffers with VB2BUFSTATEQUEUED If the callback 'startstreaming' fails, then all queued buffers in the driver should be returned with state 'VB2BUFSTATEQUEUED'. Currently, they are...

hoalanveneer.com Cross Site Scripting vulnerability OBB-3370988

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-24950 Microsoft SharePoint Server Spoofing Vulnerability

...

CVE-2023-0591

The CVE-2023-0591 entry affects ubi-reader before 0.8.5 and describes a path traversal vulnerability in ubireader_extract_files. A node name (dent_node.name) is treated as trusted and joined to the extraction directory path during processing, with the node content written to the joined path. By c...

Miss tier 0 when looping through all tiers

Lines of code Vulnerability details Impact Miss tier 0 when looping through all tiers, which will result in wrong data as not all tiers data are counted. Proof of Concept Tools Used Recommended Mitigation Steps Include the tier 0 when looping through all tiers and modify the codes to as follows:...

Hudson XML API susceptible to External Entity Injection Vunerability prior to v3.3.2

In versions prior to 3.3.2, Hudson exhibits a flaw in its XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server...

PYSEC-2022-228

An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider parameter in projectconfigure function...

Command injection

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...

dursunlarotomotiv.com.tr Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1188610 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

everyangle.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1185942 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

CVE-2020-2853

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

MS13-003: Vulnerabilities in System Center Operations Manager could allow elevation of privilege: March 12, 2013

Resolves vulnerabilities in Microsoft System Center Operations Manager that could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL.INTRODUCTIONMicrosoft has released security bulletin MS13-003. To view the complete security bulletin, visit the...

namenderkunst.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1127394 Security Researcher g0bl1nsec Helped patch 3766 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting namenderkunst.com website...

WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection Google Dork: inurl:"/wp-content/themes/realestate-7/" Author: m0ze Vendor Homepage: https://contempothemes.com Software Link:...

patronbox.hu Cross Site Scripting vulnerability

Security Researcher CoderYounes Helped patch 1033 vulnerabilities Received 5 Coordinated Disclosure badges Received 8 recommendations , a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting patronbox.hu website and its users. Following coordinat...

voorwaarts-utrecht.nl XSS vulnerability

Vulnerable URL: http://voorwaarts-utrecht.nl/start.php?go=home.showTeams%22%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 09:51 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...

CVE-2014-4814

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service memory and CPU...