824 matches found
secure2.clarin.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1123756. Security Researcher dracutdashf (helped patch 5 vulnerabilities, received 0 Coordinated Disclosure badges) found a security vulnerability affecting secure2.clarin.com website and its users. Following coordinated and responsible vulnerability disclosure guidelines of...
fcnetwork.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1123653. Security Researcher securaji (helped patch 77 vulnerabilities, received 3 Coordinated Disclosure badges, received 4 recommendations), a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting fcnetwork.com website and it...
CVE-2020-7480
A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists in Andover Continuum All versions, which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data...
Code injection
A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists in Andover Continuum All versions, which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data...
CVE-2020-7480
CVE-2020-7480 concerns Andover Continuum (all versions) with a CWE-94 code injection flaw. The vulnerability arises from improper control over code generation during XML data processing, enabling an attacker to view files on the application server filesystem. Connected sources confirm the affecte...
wilman-lodge.co.uk Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1120846. Security Researcher kun-fly (helped patch 790 vulnerabilities, received 7 Coordinated Disclosure badges, received 43 recommendations), a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting wilman-lodge.co.uk website...
yesmovies.is Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1120611. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
flachsbarth.info Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1117741. Security Researcher g0bl1nsec (helped patch 3768 vulnerabilities, received 4 Coordinated Disclosure badges, received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting flachsbarth.info website...
suche.unibe.ch Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1116817. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
grixcars.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1116202. Security Researcher geeknik (helped patch 8957 vulnerabilities, received 8 Coordinated Disclosure badges, received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting grixcars.com website and i...
pakistanilawnshop.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1116167. Security Researcher geeknik (helped patch 8949 vulnerabilities, received 8 Coordinated Disclosure badges, received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting pakistanilawnshop.com...
techware.co Cross Site Scripting vulnerability
Security Researcher geeknik (helped patch 8562 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting techware.co website and its users. Following coordinated a...
geoportal.de Open Redirect vulnerability
Open Bug Bounty ID: OBB-1109117. Security Researcher SkypLabs (helped patch 16 vulnerabilities, received 1 Coordinated Disclosure badge, received 2 recommendations), a holder of 1 badge for responsible and coordinated disclosure, found a security vulnerability affecting geoportal.de website and its...
Oracle Weblogic Server Remote Code Execution (CVE-2019-2888)
An External Entity Injection vulnerability exists in Oracle Weblogic. This vulnerability is due to insufficient validation of XML data. A remote attacker could exploit this vulnerability by sending malicious XML data to the target server. Successful exploitation of this vulnerability could result...
smartster.se Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1105512. Security Researcher error404 (helped patch 526 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting smartster.se website and i...
avip-portal.com Improper Access Control vulnerability
Security Researcher Fadavvi (helped patch 79 vulnerabilities, received 4 Coordinated Disclosure badges, received 1 recommendation), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting avip-portal.com website and its users. Following coordinated...
XStream Library Insecure Deserialization (CVE-2019-10173)
An insecure serialization vulnerability exists in XStream Library. The vulnerability is due to insufficient validation of the event handler type in user-supplied XML data. A remote attacker could exploit this vulnerability by sending a specially crafted XML file to the affected application. Successful...
EulerOS 2.0 SP8 : libxslt (EulerOS-SA-2020-1166)
According to the version of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafte...
CVE-2020-9351
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the transaction parameter, the server replies with a verbose error showing where the application resides the...