EUVD-2014-7244

Malware in sbrugna...

Malicious code in down-load-available-zip-now-113116-at-weddings-wpwot-cqpsxb (npm)

The package down-load-available-zip-now-113116-at-weddings-wpwot-cqpsxb was found to contain malicious code...

cdn.weddingsonline.ie Cross Site Scripting vulnerability OBB-3900654

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

craigynoscastleweddings.com Improper Access Control vulnerability OBB-3796395

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

spotlight-weddings.com Cross Site Scripting vulnerability OBB-3657455

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

sanmiguelweddings.com Cross Site Scripting vulnerability OBB-3414353

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

pacificweddings.com Cross Site Scripting vulnerability OBB-3258060

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

pacificweddings.com Cross Site Scripting vulnerability OBB-3222483

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

vermontweddings.com Cross Site Scripting vulnerability OBB-2775844

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

sanantonioweddings.com Cross Site Scripting vulnerability OBB-1381096

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

weddingsonline.ie Cross Site Scripting vulnerability OBB-1286703

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

sanantonioweddings.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1168377 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

digital-weddings.com XSS vulnerability

Open Bug Bounty ID: OBB-695276 Description| Value ---|--- Affected Website:| digital-weddings.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:|...

theknot.com XSS vulnerability

Open Bug Bounty ID: OBB-140809 Description| Value ---|--- Affected Website:| theknot.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2014-7746

The Fusion Flowers - Weddings aka com.triactivemedia.fusionweddings application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-7746

The Fusion Flowers - Weddings aka com.triactivemedia.fusionweddings application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Session fixation

The Fusion Flowers - Weddings aka com.triactivemedia.fusionweddings application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-7746

The CVE-2014-7746 entry concerns the Android app Fusion Flowers - Weddings (com.triactivemedia.fusionweddings). Affected component: the Android application’s SSL/TLS certificate validation. Root cause: it does not verify X.509 certificates presented by SSL servers, enabling man-in-the-middle atta...

CVE-2014-7373

The Inspire Weddings aka com.magzter.inspireweddings application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Design/Logic Flaw

The Inspire Weddings aka com.magzter.inspireweddings application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...