1048 matches found
Gitlab labels component cross-site scripting vulnerability
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control project repository, with features similar to GitHub: you can access a project's file content, commit history, bug lists, etc. GitLab Community Edition (CE) is...
Cross site scripting
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting...
CVE-2017-0924
Removed by vendor...
CVE-2017-0924
CVE-2017-0924 affects GitLab Community Edition 10.2.4, with a lack of input validation in the labels component that enables persistent cross-site scripting (XSS). Multiple sources (NVD entry for CVE-2017-0924, OpenVAS NASL, CNVD entry) corroborate that the vulnerability is tied to the labels comp...
CVE-2016-6272
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate...
Atlassian Jira, Python and automated labeling
I have already written about Atlassian Jira automation in "Automated task processing with JIRA API". But all the examples there used curl. So, I decided to make one more post about the Jira API, this time with Python examples and about labeling issues (nice wordplay, right?). You can use label...
Kanboard Design Vulnerability (CNVD-2017-30948)
Kanboard is open source visual task board software developed by the French software developer Frederic Guillot. The software supports customization of the panel according to the business, task dragging and so on. A security vulnerability exists in Kanboard versions prior to 1.0.47. An...
YouTube MP3 Converter Site Shut Down After Labels Win Lawsuit
By Waqas. In 2016, Youtube-mp3.org (YTMP3), a popular YouTube-ripping site, was taken to court by Recording... This is a post from HackRead.com. Read the original post: YouTube MP3 Converter Site Shut Down After Labels Win Lawsuit...
Guilty in Absence: Pirate Bay Founders to pay €405,000 to Record Labels
By Uzair Amir. The file sharing giant, The Pirate Bay, is in the... This is a post from HackRead.com. Read the original post: Guilty in Absence: Pirate Bay Founders to pay €405,000 to Record Labels...
The Pirate Bay Founders Ordered to Pay Music Labels $477,800 in Compensation
Two of the three co-founders of The Pirate Bay—Fredrik Neij and Gottfrid Svartholm Warg—have been ordered by a Finnish court to pay record labels $477,800 in compensation for copyright infringement on the site. Last year in a similar case, Helsinki District Court in Finland ordered Peter Sunde, t...
Moderate: Red Hat Enhancement Advisory: Red Hat Virtualization Manager (ovirt-engine) 4.1.4
An update is now available for Red Hat Virtualization Manager. The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities,...
Threat Outbreak Alert RuleID28284: Email Messages Distributing Malicious Software on March 14, 2017
Medium. Alert ID: 53026. First Published: 2017 March 15 14:23 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID28284) may contain the following files: Name | Si...
Ubuntu: Security Advisory (USN-3142-2)
The remote host is missing an update for the...
USN-3142-2: ImageMagick regression
USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick incorrectly handled...
USN-3142-2 imagemagick regression
USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick incorrectly handled...
openSUSE Security Update : GraphicsMagick (openSUSE-2017-214)
This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2016-10048: Arbitrary modules could have been loaded because relative paths were not escaped (bsc1017310) - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check...
Cross-Site Scripting
Overview: Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script...
docker-engine docker-engine-selinux security and bugfix update
1.12.6-1.0.1 - Enable configuration of Docker daemon via sysconfig orabug 21804877 - Require UEK4 for docker 1.9 orabug 22235639 22235645 - Add docker.conf for prelink orabug 25147708 1.12.6 - the systemd unit file /usr/lib/systemd/system/docker.service contains local changes, or - a systemd...
Cross-Site Scripting (XSS)
onegov.form is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the usage of unescaped labels in WTForms...
UBUNTU-CVE-2016-5427
PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query...