111 matches found
CVE-2024-5752 Path Traversal in stitionai/devika
A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses...
CVE-2024-5752 Path Traversal in stitionai/devika
A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses...
CVE-2024-5752
CVE-2024-5752: Path traversal in stitionai/devika . The vulnerability affects the project creation function of stitionai/devika, where the project name is not validated in version beacf6edaa205a5a5370525407a6db45137873b3, enabling crafted names that traverse directories. This can cause arbitrary ...
GitLab Authenticated File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab Authenticated File Read', 'Description' = %q GitLab version 16.0 contains a directory traversal for arbitrary file read as the gitlab-www...
CVE-2024-1599
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-1599
This CVE entry is rejected/not used and does not represent an active vulnerability.
Logic flaw vulnerability in KingPortal client development system of Beijing Asian Control Technology Development Co. Ltd (CNVD-2024-21043)
KingPortal client development system is a pure B/S architecture for industrial monitoring web-based configuration products, is the product of the fusion of big data visualization and industrial Internet technology. KingPortal client development system of Beijing Asian Control Technology Developme...
CVE-2024-26152 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details Need permission to use the "data import" function. This was reproduced on Label...
CVE-2023-37798
A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...
CVE-2023-37798
A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...
CVE-2023-37798
A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...
Possible to create projects with currency=address(0)
Lines of code Vulnerability details Impact Sometimes it is possible to create projects with currency=address0. Proof of Concept if you call createProject before the contract has been initialized, some areas of the Project service might be denied. Nowhere is it checked that the address is empty,...
CVE-2022-31032
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those templa...
Design/Logic Flaw
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those templa...
CVE-2022-31032 Resources of private projects can be exposed in Tuleap
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those templa...
PT-2022-20475 · Tuleap · Tuleap
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 13.9.99.58 Description: The issue arises from improper verification of authorizations when creating projects or trackers from projects marked as templates. This allows users to access information in those template...
Gitlab -- vulnerabilities
Gitlab reports: Stored XSS in merge request creation page Denial-of-service attack in Markdown parser Stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown DNS Rebinding vulnerability in Gitea importer Exposure of trigger tokens on project exports Improper access control for...
Easy-Mock 1.6.0 Remote Code Execution
Exploit Title: easy-mock 1.6.0 - Remote Code Execution RCE Authenticated Date: 12/08/2021 Exploit Author: LionTree Vendor Homepage: https://github.com/easy-mock Software Link: https://github.com/easy-mock/easy-mock Version: 1.5.0-1.6.0 Tested on: windows 10node v8.17.0 import requests import json...
OTRS Cross-Site Scripting Vulnerability (CNVD-2021-57225)
OTRS is an application of the German company OTRS. A cross-site scripting vulnerability exists in OTRS AG Time Accounting, which stems from the ability to inject malicious JS code into specific fields during the project creation screen. No details of the vulnerability are currently available...
CVE-2021-21442
In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19...