Following the coordinated and responsible vulnerability disclosure guidelines of the **ISO 29147** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
May 23, 2022
# Command Injection vulnerability in [email protected]

`git-interface` describes itself as an Interface to work with a git repository in node.js

Resources:

* Project's GitHub source code: https://gi ...
May 23, 2022
# Description

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed, and such elevation or changes should have been prevented by the app ...
May 23, 2022
One of the APIs in Mattermost version 6.4.1 and earlier fails to properly enforce permissions, which allows authenticated members with a restricted custom admin role to bypass the restrictions an ...
May 23, 2022
# Description

In line 786, we can see `$conditionFilters[] = $filterField . ' ' . $operator . ' ' . $value;`. The three variables are joined into one string, and all three come from the request param ...
May 23, 2022
I found that one of the targets belonging to **DOD** is vulnerable to **CVE-2022-22954**, where an attacker may be able to execute any malicious code like escalating. Remote code execution is also possible ...
May 23, 2022
### Impact

go-ipfs nodes with versions 0.10.0, 0.11.0, 0.12.0, or 0.12.1 can crash when trying to traverse certain malformed graphs due to an issue in the go-codec-dagpb dependency. Vulnerable nodes ...
May 23, 2022
# Description

A review of organizr's logging system found it is possible for an unauthenticated threat actor to inject arbitrary JavaScript into the "Logs" page found within the administrator dashboa ...
May 23, 2022