255 matches found
Server side request forgery (ssrf)
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...
CVE-2020-29445
CVE-2020-29445 describes a blind SSRF in Atlassian Confluence Server’s Team Calendars parameters. Affected are Confluence Server versions before 7.4.8 and 7.5.0 through 7.10.9 (pre-7.11.0). Root cause is a server-side request forgery in the Team Calendars functionality, enabling an attacker to id...
CVE-2020-29445
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...
Atlassian Confluence Server 代码问题漏洞
Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise WiKi. A server-side request forgery vulnerability exists in Confluence Server versions prior to 7.11.0,...
PT-2021-11666 · Atlassian · Confluence
Name of the Vulnerable Software and Affected Versions: Confluence Server versions prior to 7.4.8 Confluence Server versions 7.5.0 through 7.10.9 Description: The issue allows attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars...
WordPress 插件跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Advanced Booking Calendar prior to version 1.6.7. The vulnerability stems from the plugin not clearing the GET parameter in the "Seasons and Calendars" page, an...
Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)
The plugin did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue PoC Payloads: - Original reporter:...
Blind SSRF in Team Calendars REST API using location parameter - CVE-2020-29445
Affected versions of Confluence Server allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. Affected versions: 7.11.0 Fixed versions: 7.11.0 7.4.8 LTS This vulnerability is attributed to Stefano Castilletti, a...
Blind SSRF in Team Calendars REST API using location parameter - CVE-2020-29445
Affected versions of Confluence Server allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. Affected versions: 7.11.0 Fixed versions: 7.11.0 7.4.8 LTS This vulnerability is attributed to Stefano Castilletti, a...
[SECURITY] Fedora 33 Update: nextcloud-19.0.3-1.fc33
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API...
Code Injection in ionicabizau/git-stats
Overview git-stats is a js package for local git statistics including GitHub-like contributions calendars. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in any of the options.start or options.end values...
[SECURITY] Fedora 31 Update: php-horde-kronolith-4.2.29-1.fc31
Kronolith is the Horde calendar application. It provides web-based calendars backed by a SQL database or a Kolab server. Supported features include Ajax and mobile interfaces, shared calendars, remote calendars, invitation management iCalendar/iTip, free/busy management, resource management,...
[SECURITY] Fedora 32 Update: php-horde-kronolith-4.2.29-1.fc32
Kronolith is the Horde calendar application. It provides web-based calendars backed by a SQL database or a Kolab server. Supported features include Ajax and mobile interfaces, shared calendars, remote calendars, invitation management iCalendar/iTip, free/busy management, resource management,...
Fedora: Security Advisory for php-horde-kronolith (FEDORA-2020-0fbd043bcf)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scoutnet Kalender <= 1.1.0 - Stored Cross-Site Scripting (XSS)
The plugin does not sanitise the 'Info' field from embedded calendars which are retrieved from Scoutnet and are not necessarily owned/managed by the administrator of the blog...
Thousands of Google Calendars Possibly Leaking Private Information Online
"Warning — Making your calendar public will make all events visible to the world, including via Google search. Are you sure?" Remember this security warning? No? If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you...
Thousands of Google Calendars Possibly Leaking Private Information Online
"Warning — Making your calendar public will make all events visible to the world, including via Google search. Are you sure?" Remember this security warning? No? If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you...
[SECURITY] Fedora 28 Update: php-horde-kronolith-4.2.25-1.fc28
Kronolith is the Horde calendar application. It provides web-based calendars backed by a SQL database or a Kolab server. Supported features include Ajax and mobile interfaces, shared calendars, remote calendars, invitation management iCalendar/iTip, free/busy management, resource management,...
[SECURITY] Fedora 29 Update: php-horde-kronolith-4.2.25-1.fc29
Kronolith is the Horde calendar application. It provides web-based calendars backed by a SQL database or a Kolab server. Supported features include Ajax and mobile interfaces, shared calendars, remote calendars, invitation management iCalendar/iTip, free/busy management, resource management,...
Joomla! Component JTicketing 2.0.16 - SQL Injection
Joomla! Component JTicketing 2.0.16 - SQL Injection Exploit Title: Joomla! Component JTicketing 2.0.16 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jticketing/ Versio...