Lucene search
K

111 matches found

0day.today
0day.today
added 2021/06/03 12:0 a.m.31 views

Gitlab 13.9.3 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/1125425...

0.4AI score
Exploits0
CNVD
CNVD
added 2020/11/03 12:0 a.m.4 views

SonarSource SonarQube Authentication Bypass Vulnerability

SonarSource SonarQube is an open source code quality management system from SonarSource Switzerland. An authentication bypass vulnerability exists in SonarQube version 8.4.2.36762, which allows an external attacker to implement authentication bypass via SonarScanner to create and overwrite public...

5.3CVSS7.3AI score0.0106EPSS
Exploits1References1
OSV
OSV
added 2020/10/05 12:15 p.m.4 views

CVE-2020-26166

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...

5.4CVSS6.1AI score0.00849EPSS
Exploits0References3
NVD
NVD
added 2020/10/05 12:15 p.m.17 views

CVE-2020-26166

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...

5.4CVSS0.00849EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/10/05 12:0 p.m.21 views

CVE-2020-26166

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...

5.3AI score0.00849EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/07/27 6:15 p.m.2 views

CVE-2020-15120

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's...

4.9CVSS5.5AI score0.01029EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2019/09/25 12:0 a.m.9 views

PT-2019-11802 · Jenkins · Jenkins Project Inheritance Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin version 2.0.0 and earlier Description: A cross-site request forgery issue exists due to a missing permission check in an HTTP endpoint that triggers project creation from templates. This allowed users with...

4.3CVSS4.4AI score0.00606EPSS
Exploits0References4
CVE
CVE
added 2019/05/15 7:23 p.m.63 views

CVE-2019-10110

GitLab CE/EE before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2 contain an Insecure Permissions issue where the"move issue" feature may allow a user to create projects under any namespace on any GitLab instance for which they have credentials. Root cause: improper permission checks aro...

6.5CVSS6.6AI score0.0119EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2017/08/02 7:29 p.m.4 views

CVE-2017-11437

GitLab Enterprise Edition EE before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users...

6.5CVSS5.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/06/14 12:0 a.m.6 views

PT-2017-18614 · Atlassian · Bamboo

Name of the Vulnerable Software and Affected Versions: Atlassian Bamboo versions 5.x through 5.15.6 Atlassian Bamboo versions 6.x through 6.0.0 Description: The issue arises from incorrect permission checks for users creating deployment projects. An attacker with login access to Bamboo, but witho...

8.8CVSS8.2AI score0.01638EPSS
Exploits1References5
0day.today
0day.today
added 2016/05/31 12:0 a.m.76 views

ProcessMaker 3.0.1.7 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: ProcessMaker v3.0.1.7 Multiple vulnerabilities Date: 31/05/2016 Author: Mickael Dorigny @ information-security.fr Vendor or Software Link: http://www.processmaker.com/ Version: 3.0.1.7 Category: Multiple Vulnerabilities...

7.1AI score
Exploits0
Rows per page
Query Builder