Lucene search

824 matches found

Openbugbounty
added 2020/03/25 3:2 a.m., 10 views

secure2.clarin.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1123756. Security researcher dracutdashf (helped patch 5 vulnerabilities, received 0 Coordinated Disclosure badges) found a security vulnerability affecting secure2.clarin.com website and its users. Following coordinated and responsible vulnerability disclosure guidelines of...

0.1 AI score
Exploits: 0
Openbugbounty
added 2020/03/24 9:33 p.m., 11 views

fcnetwork.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1123653. Security researcher securaji (helped patch 77 vulnerabilities, received 3 Coordinated Disclosure badges, received 4 recommendations), a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting fcnetwork.com website and it...

0.1 AI score
Exploits: 0
NVD
added 2020/03/23 8:15 p.m., 23 views

CVE-2020-7480

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists in Andover Continuum All versions, which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data...

9.8 CVSS, 9.4 AI score, 0.01498 EPSS
Exploits: 0, References: 1
Prion
added 2020/03/23 8:15 p.m., 19 views

Code injection

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists in Andover Continuum All versions, which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data...

7.5 CVSS, 9.2 AI score, 0.01498 EPSS
Exploits: 0, References: 1
CVE
added 2020/03/23 7:24 p.m., 45 views

CVE-2020-7480

CVE-2020-7480 concerns Andover Continuum (all versions) with a CWE-94 code injection flaw. The vulnerability arises from improper control over code generation during XML data processing, enabling an attacker to view files on the application server filesystem. Connected sources confirm the affecte...

9.8 CVSS, 9.3 AI score, 0.01498 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2020/03/23 7:24 p.m., 24 views

CVE-2020-7480

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists in Andover Continuum All versions, which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data...

9.5 AI score, 0.01498 EPSS
Exploits: 0, References: 1
Openbugbounty
added 2020/03/19 3:23 p.m., 6 views

wilman-lodge.co.uk Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1120846. Security researcher kun-fly (helped patch 790 vulnerabilities, received 7 Coordinated Disclosure badges, received 43 recommendations), a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting wilman-lodge.co.uk website...

0.1 AI score
Exploits: 0
Openbugbounty
added 2020/03/19 5:53 a.m., 12 views

yesmovies.is Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1120611. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

6.2 AI score
Exploits: 0
Openbugbounty
added 2020/03/13 3:3 p.m., 11 views

flachsbarth.info Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1117741. Security researcher g0bl1nsec (helped patch 3768 vulnerabilities, received 4 Coordinated Disclosure badges, received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting flachsbarth.info website...

0.1 AI score
Exploits: 0
Openbugbounty
added 2020/03/12 12:8 p.m., 14 views

suche.unibe.ch Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1116817. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

6.2 AI score
Exploits: 0
Openbugbounty
added 2020/03/11 4:22 p.m., 11 views

grixcars.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1116202. Security researcher geeknik (helped patch 8957 vulnerabilities, received 8 Coordinated Disclosure badges, received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting grixcars.com website and i...

0.1 AI score
Exploits: 0
Openbugbounty
added 2020/03/11 3:20 p.m., 10 views

pakistanilawnshop.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1116167. Security researcher geeknik (helped patch 8949 vulnerabilities, received 8 Coordinated Disclosure badges, received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting pakistanilawnshop.com...

0.1 AI score
Exploits: 0
Openbugbounty
added 2020/03/08 12:44 p.m., 10 views

techware.co Cross Site Scripting vulnerability

Security researcher geeknik (helped patch 8562 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting techware.co website and its users. Following coordinated a...

0.1 AI score
Exploits: 0
Openbugbounty
added 2020/03/02 7:58 p.m., 12 views

geoportal.de Open Redirect vulnerability

Open Bug Bounty ID: OBB-1109117. Security researcher SkypLabs (helped patch 16 vulnerabilities, received 1 Coordinated Disclosure badges, received 2 recommendations), a holder of 1 badges for responsible and coordinated disclosure, found a security vulnerability affecting geoportal.de website and its...

0.2 AI score
Exploits: 0
Check Point Advisories
added 2020/03/01 12:0 a.m., 9 views

Oracle Weblogic Server Remote Code Execution (CVE-2019-2888)

An External Entity Injection vulnerability exists in Oracle Weblogic. This vulnerability is due to insufficient validation of XML data. A remote attacker could exploit this vulnerability by sending malicious XML data to the target server. Successful exploitation of this vulnerability could result...

5 CVSS, 6.5 AI score, 0.05219 EPSS
Exploits: 3
Openbugbounty
added 2020/02/27 2:48 p.m., 8 views

smartster.se Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1105512. Security researcher error404 (helped patch 526 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting smartster.se website and i...

0.2 AI score
Exploits: 0
Openbugbounty
added 2020/02/26 10:11 a.m., 10 views

avip-portal.com Improper Access Control vulnerability

Security researcher Fadavvi (helped patch 79 vulnerabilities, received 4 Coordinated Disclosure badges, received 1 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting avip-portal.com website and its users. Following coordinated...

0.1 AI score
Exploits: 0
Check Point Advisories
added 2020/02/26 12:0 a.m., 2 views

XStream Library Insecure Deserialization (CVE-2019-10173)

An insecure serialization vulnerability exists in XStream Library. The vulnerability is due to insufficient validation of event handler type in user-supplied XML data. A remote attacker could exploit this vulnerability by sending specially crafted XML file to the affected application. Successful...

7.5 CVSS, 3.9 AI score, 0.94774 EPSS
Exploits: 4
Tenable Nessus
added 2020/02/25 12:0 a.m., 29 views

EulerOS 2.0 SP8 : libxslt (EulerOS-SA-2020-1166)

According to the version of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafte...

7.5 CVSS, 7.7 AI score, 0.01817 EPSS
Exploits: 0, References: 2
Cvelist
added 2020/02/23 12:0 a.m., 22 views

CVE-2020-9351

An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the transaction parameter, the server replies with a verbose error showing where the application resides the...

5.5 AI score, 0.01072 EPSS
Exploits: 1, References: 2