36 matches found
CVE-2025-54466
Improper Control of Generation of Code 'Code Injection' vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended t...
CVE-2025-54466
CVE-2025-54466 involves an RCE in the Apache OFBiz Scrum plugin caused by improper control of code generation. Affected: Apache OFBiz versions prior to 24.09.02 when the Scrum plugin is used. Exploitation can be performed by unauthenticated attackers, potentially enabling remote code execution. R...
CVE-2025-54466 Apache OFBiz: RCE Vulnerability in scrum plugin
Improper Control of Generation of Code 'Code Injection' vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended t...
CVE-2025-54466 Apache OFBiz: RCE Vulnerability in scrum plugin
Improper Control of Generation of Code 'Code Injection' vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended t...
CVE-2025-54466 Apache OFBiz: RCE Vulnerability in scrum plugin
Improper Control of Generation of Code 'Code Injection' vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended t...
Malicious code in test-mlw2-hoven-scrum (npm)
The package test-mlw2-hoven-scrum was found to contain malicious code...
MAL-2025-35537 Malicious code in test-mlw2-hoven-scrum (npm)
The package test-mlw2-hoven-scrum was found to contain malicious code...
PT-2025-31969 · Apache +1 · Apache Ofbiz +2
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 24.09.02 Description: This issue involves improper control of code generation 'Code Injection' in the scrum plugin of Apache OFBiz, potentially leading to Remote Code Execution RCE. Unauthenticated attackers can...
PT-2024-35774 · Taiga · Taiga
Name of the Vulnerable Software and Affected Versions: Taiga version 8.6.1 Description: A Client-Side Template Injection CSTI issue in the /project/new/scrum component allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. Recommendation...
Kados R10 GreenBee - Multiple SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: Kados R10 GreenBee - 'menulev1' SQL Injection Dork: N/A Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.kados.info/ Softwar...
Kados R10 GreenBee SQL Injection
=========================================================================================== Exploit Title: Kados R10 GreenBee - 'menulev1' SQL Injection Dork: N/A Date: 06-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.kados.info/ Software Link:...
Managing JIRA Scrum Sprints using API
Atlassian Jira is a great tool for organizing Agile processes, especially Scrum. But managing Scrum Sprints manually using Jira web GUI maybe time consuming and annoying. So, I decided to automate some routine operations using JIRA API and Python. The API calls are described on the official page ...
Want better apps? You need a (agile security) hero!
If weve learned anything from the rise of Marvel Cinematic Universe, its that good things tend to happen when heroes intervene. For securing new applications, this metaphor is a useful one because security isnt always top-of-mind for scrum teams, nor is it always conducive to meeting aggressive...
VIDEO: Carbon Black’s Agile Transformation
In 2017, our product team went through a major "Agile Transformation." All employees adopted this new way of working to establish better collaboration within and across teams. We’ve restructured our teams to be smaller and more cross-functional. We’ve hired Agile Coaches and Scrum Masters to keep...
XSRF Security Token Missing when clicking on Contact an administrator
h3. Summary Clicking on the "Contact an administrator to perform this action." results in XSRF Security Token Missing. Tested with : Chrome Version 54.0.2840.59 64-bit Firefox 49.0 h3. Steps to Reproduce Configure Outgoing Mail Enable Contact Administrators Form from General Configurations Create...
XSRF Security Token Missing when clicking on Contact an administrator
h3. Summary Clicking on the "Contact an administrator to perform this action." results in XSRF Security Token Missing. Tested with : Chrome Version 54.0.2840.59 64-bit Firefox 49.0 h3. Steps to Reproduce Configure Outgoing Mail Enable Contact Administrators Form from General Configurations Create...