bug
-
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users’ computers when extracting malicious files from nested archives. […]
-
A vulnerability classified as critical has been found in libtiff up to 3.8.0. Affected is the function tifffetchdata of the file tif_dirread.c. The manipulation leads to integer coercion error. This vulnerability is traded as CVE-2006-2025. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the…
-
A vulnerability was found in TWiki. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument newtopic leads to cross site scripting. This vulnerability was named CVE-2011-3010. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
-
A vulnerability classified as critical was found in MyBB Ajax forum stat 2.0. This vulnerability affects unknown code of the file ajaxfs.php. The manipulation of the argument usertooltip leads to sql injection. This vulnerability was named CVE-2013-6936. The attack can be initiated remotely. Furthermore, there is an exploit available.
-
A vulnerability was found in libtiff up to 3.8.0. It has been rated as problematic. This issue affects the function tifffetchanyarray of the file tif_dirread.c. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2006-2024. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to…
-
A vulnerability classified as critical was found in libtiff up to 3.8.0. Affected by this vulnerability is an unknown functionality of the file tif_jpeg.c. The manipulation leads to memory corruption. This vulnerability is known as CVE-2006-2026. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected…
-
A vulnerability, which was classified as problematic, has been found in SSSD 1.3.0/1.4.0/1.4.1/1.5.0. This issue affects the function pam_parse_in_data_v2. The manipulation leads to improper resource management. The identification of this vulnerability is CVE-2010-4341. The attack needs to be approached locally. There is no exploit available.
-
A vulnerability was found in Mozilla Firefox 4.0/4.0.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2011-0082. The attack may be initiated remotely. There is no exploit available.
-
How I Utilized AI to Discover an Amazon S3 Bucket Takeover Vulnerability in Red Bull’s Bug Bounty…
·
How I Utilized AI to Discover an Amazon S3 Bucket Takeover Vulnerability in Red Bull’s Bug Bounty ProgramIntroductionBug bounties have become an exciting way for security researchers to help secure digital platforms while getting rewarded for their efforts. In this write-up, I will share how I identified and exploited an Amazon S3 bucket takeover vulnerability as…
-
Hello Readers, I’m thrilled to share details about a recent discovery I made concerning entry.io’s integration functionality. I’ve identified a vulnerability that allows users with free plan accounts to bypass subscription restrictions and integrate Slack, typically reserved for higher subscription tiers. For this report, Xentry.io acknowledged the issue and awarded me a bounty of $500.Understanding TargetXentry.io…
-
In the Name of Allah, the Most Beneficent, the Most Merciful.All the praises and thanks be to Allah, the Lord of the ‘Alamin (mankind, jinns and all that exists)Good day! I hope this message finds everyone in good health and spirits. Without further ado, let me dive into today’s Bug: User Enumeration Vulnerability.At first glance, user…
-
A vulnerability, which was classified as critical, has been found in XFree86 up to 4.2.1. Affected by this issue is some unknown functionality of the component Pixmap Generator. The manipulation leads to numeric error. This vulnerability is handled as CVE-2005-2495. Access to the local network is required for this attack. There is no exploit available.…
-
A vulnerability classified as critical was found in X.org X11 11 6.x. Affected by this vulnerability is an unknown functionality of the component Pixmap Generator. The manipulation leads to numeric error. This vulnerability is known as CVE-2005-2495. The attack needs to be initiated within the local network. There is no exploit available. It is recommended…
-
As a dedicated bug bounty hunter with an enviable track record on BugCrowd, Abdullah Nawaf, Full full-time bug Bounty Hunter, thrives on the thrill of discovery and the challenge of finding high-impact vulnerabilities. Recently, alongside his colleague Orwa Atyat, they achieved a notable success: turning a limited path traversal vulnerability into a fully-fledged remote code execution…
-
A vulnerability was found in Libssh2 up to 1.8.0. It has been rated as critical. This issue affects the function _libssh2_packet_require/_libssh2_packet_requirev. The manipulation as part of Packet leads to out-of-bounds read. The identification of this vulnerability is CVE-2019-3859. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the…
-
A vulnerability, which was classified as problematic, has been found in Aleksey XML Security Library up to 0.0.11. This issue affects some unknown processing of the file xslt.c. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2011-1425. The attack may be initiated remotely. There is no exploit available. It is…
-
A vulnerability was found in ImageMagick and classified as critical. Affected by this issue is some unknown functionality of the component OpenBlob Handler. The manipulation leads to command injection. This vulnerability is handled as CVE-2023-34152. The attack may be launched remotely. There is no exploit available.
-
A vulnerability, which was classified as problematic, has been found in CloudBees Jenkins 1.523. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2013-5573. The attack may be launched remotely. Furthermore, there is an exploit available.