Aggregator

How a researcher earned $100,000 hacking a Facebook server

Security Affairs
8 months ago
Facebook paid $100,000 to a researcher for discovering a bug that granted him command access to an internal server in October 2024. TechCrunch first reported that Facebook awarded security researcher Ben Sadeghipour (@NahamSec) $100,000 for reporting a vulnerability that granted him access to an internal server. The researcher emphasized the vulnerability of online ad platforms due to […]
Pierluigi Paganini

CVE-2025-0403 | 1902756969 reggie 1.0 Phone Number Validation /user/sendMsg code information disclosure

VulDB Recent Entries
8 months ago
A vulnerability, which was classified as problematic, has been found in 1902756969 reggie 1.0. Affected by this issue is some unknown functionality of the file /user/sendMsg of the component Phone Number Validation Handler. The manipulation of the argument code leads to information disclosure. This vulnerability is handled as CVE-2025-0403. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-0402 | 1902756969 reggie 1.0 CommonController.java upload file unrestricted upload

VulDB Recent Entries
8 months ago
A vulnerability classified as critical was found in 1902756969 reggie 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument file leads to unrestricted upload. This vulnerability is known as CVE-2025-0402. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-0401 | 1902756969 reggie 1.0 CommonController.java download name path traversal

VulDB Recent Entries
8 months ago
A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. This vulnerability is traded as CVE-2025-0401. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2018-4317 | Apple iTunes up to 12.8 on Windows Memory Management Routine use after free (EDB-45486 / Nessus ID 119323)

Vuldb Updates
8 months ago
A vulnerability was found in Apple iTunes up to 12.8 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Memory Management Routine. The manipulation leads to use after free. This vulnerability is known as CVE-2018-4317. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2020-23839 | GetSimple CMS 3.3.16 Login Portal admin/index.php Reflected cross site scripting (EDB-49726)

Vuldb Updates
8 months ago
A vulnerability classified as problematic has been found in GetSimple CMS 3.3.16. This affects an unknown part of the file admin/index.php of the component Login Portal. The manipulation leads to cross site scripting (Reflected). This vulnerability is uniquely identified as CVE-2020-23839. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2008-2419 | Mozilla Firefox 2.0.0.14 src="javascript: resource management (EDB-31817 / XFDB-42589)

Vuldb Updates
8 months ago
A vulnerability was found in Mozilla Firefox 2.0.0.14. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument src="javascript: leads to improper resource management. The identification of this vulnerability is CVE-2008-2419. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad