111 matches found
Gitlab 13.9.3 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/1125425...
SonarSource SonarQube Authentication Bypass Vulnerability
SonarSource SonarQube is an open source code quality management system from SonarSource Switzerland. An authentication bypass vulnerability exists in SonarQube version 8.4.2.36762, which allows an external attacker to implement authentication bypass via SonarScanner to create and overwrite public...
CVE-2020-26166
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...
CVE-2020-26166
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...
CVE-2020-26166
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...
CVE-2020-15120
In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's...
PT-2019-11802 · Jenkins · Jenkins Project Inheritance Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin version 2.0.0 and earlier Description: A cross-site request forgery issue exists due to a missing permission check in an HTTP endpoint that triggers project creation from templates. This allowed users with...
CVE-2019-10110
GitLab CE/EE before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2 contain an Insecure Permissions issue where the"move issue" feature may allow a user to create projects under any namespace on any GitLab instance for which they have credentials. Root cause: improper permission checks aro...
CVE-2017-11437
GitLab Enterprise Edition EE before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users...
PT-2017-18614 · Atlassian · Bamboo
Name of the Vulnerable Software and Affected Versions: Atlassian Bamboo versions 5.x through 5.15.6 Atlassian Bamboo versions 6.x through 6.0.0 Description: The issue arises from incorrect permission checks for users creating deployment projects. An attacker with login access to Bamboo, but witho...
ProcessMaker 3.0.1.7 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: ProcessMaker v3.0.1.7 Multiple vulnerabilities Date: 31/05/2016 Author: Mickael Dorigny @ information-security.fr Vendor or Software Link: http://www.processmaker.com/ Version: 3.0.1.7 Category: Multiple Vulnerabilities...