HackerOne: Recently added 'Country' field doesn't send email notification when changed
Summary: Hi team, This is a small bug report. Actually I think there is no important security issue but I wanted to report it ¯\_(ツ)_/¯ If you change your 'Country' information on account settings, HackerOne doesn't send the "Your profile was recently changed" email. Description: There is an email...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-35448)
Mattermost Server is an open source messaging platform from the United States company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.8.2, 3.7.5 and 3.6.7. An attacker can exploit the vulnerability to add a forged link to an email notification...
Code injection
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1...
CVE-2020-13276
Removed by vendor...
DRIVE.NET, Inc.: [www.drive2.ru] Insufficient Security Configurability - Email notification is not being sent while changing passwords
Email notification was not sent while changing passwords. This issue was fixed. Best Practices: As recommended practices, due to the missing notification email when changing password, if the password has been maliciously changed, the user will not be able to notice it, so immediate security measures...
GitLab: Email notification about login email changed is not received when using verified linked email address
Summary: In https://gitlab.com/profile, a user can update the email ID used for login to the GitLab account using the field "Email". Usually, when this login email ID is updated, there will be 2 emails sent to the previous email ID with subjects as: Email 1 - Email Changed: This tells that login email has been...
UBUNTU-CVE-2020-5225
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...
CVE-2019-5471
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6...
Input validation
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6...
CVE-2019-5471
CVE-2019-5471 concerns an input validation and output encoding flaw in GitLab’s email notification feature that could yield a persistent XSS. The issue affects GitLab’s email notifications (notably in merge-request and repository push emails) where unsanitized values (e.g., branch names) could be...
CVE-2019-5471
Removed by vendor...
PT-2019-17694 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 11.11.6 GitLab versions prior to 12.0.4 GitLab versions prior to 12.1.2 Description: An issue with input validation and output encoding was found in the email notification feature, potentially leading to a persistent...
HackerOne: [Bypass #645264] Report title disclosure despite the program settings for email notification is set to "No Content"
Hi Team, Summary: There is a newly disclosed resolved report, "Program Email Nofication settings ignored when being added as an external contributor"; however, I found that the fix is incomplete. I have found that the email invitation for a collaborator bounty splitting is still disclosing the Report title in...
HackerOne: Program Email Nofication settings ignored when being added as an external contributor
Summary: When being added as an external contributor to a report, the report title is displayed in the email notification despite the program email notification settings being set to No Content. Description: Hey team! I noticed that programs have the ability to set their Email Notification...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Moving an Issue to Private Repo Leaks Project Namespace; Notification Emails Sent to Restricted Users; Unauthorized Comments on Confidential Issues; Merge Request Approval Count Inflation; Unsanitized Branch Names on New Merge Request Notification Emails; Improper Sanitation of...
Veeam Backup for Office 365 No E-Mail Notification After Job Run
Challenge: When the backup job completes, the job notification is never received. Cause: 1. Error: Unable to connect to the remote server. 2. Job completes with no error, but you do not receive a notification email. This can be caused by: Email relay server blocking emails that exceed 512KB size; The...
Quora Gets Hacked – 100 Million Users Data Stolen
The World's most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users. Quora announced the incident late Monday after its team last Friday...
CVE-2018-19390
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDFx86!ConnectedPDF::ConnectedPDFSDK::FCPSendEmailNotification issue...