Path Traversal in XWiki Platform

### Impact One can ask for any file located in the classloader using the template API and a path with ".." in it. For example ``` {{template name="../xwiki.hbm.xml"/}} ``` To our knowledge none of t ...

Weak private key generation in SSH.NET

During an **X25519** key exchange, the client's private key is generated with [**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.random): ```cs var rnd = new Random(); _privateKey = n ...

CVE-2022-29232

BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of publi ...

CVE-2022-29169

BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. ...

planethomepage.com.au Cross Site Scripting vulnerability OBB-2635068

Following the coordinated and responsible vulnerability disclosure guidelines of the **ISO 29147** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...

album2life.com.au Cross Site Scripting vulnerability OBB-2635067

Following the coordinated and responsible vulnerability disclosure guidelines of the **ISO 29147** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...

Security Updates for Microsoft PowerPoint Products C2R (March 2021)

The Microsoft PowerPoint Products are missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this ...

Security Updates for Microsoft Excel Products C2R (November 2021)

The Microsoft Excel Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability exists. An attacker can exploit this ...
