Lucene search

5315 matches found

FreeBSD
added 2023/09/28 12:0 a.m. | 48 views

Gitlab -- vulnerabilities

Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project; Group import allows impersonation of users in CI pipelines; Developers can bypass code owners approval by changing a MR's base branch; Leaking source code of restricted...

CVSS 8.8 | AI score 6.8 | EPSS 0.00331
Exploits: 0 | References: 1

The Hacker News
added 2023/09/26 5:0 a.m. | 63 views

Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and ha...

CVSS 9.8 | AI score 10 | EPSS 0.92913
Exploits: 21

NVD
added 2023/09/25 8:15 p.m. | 15 views

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possib...

CVSS 7.5 | AI score 7.5 | EPSS 0.00266
Exploits: 0 | References: 4

OSV
added 2023/09/25 8:15 p.m. | 1 views

UBUNTU-CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possib...

CVSS 7.5 | AI score 7.2 | EPSS 0.00266
Exploits: 0 | References: 5

wpexploit
added 2023/09/21 12:0 a.m. | 122 views

Shared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting

Description The plugin does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts. Upload an allowed WordPress extension such as JPG and inject it with a script such as: alert1;. To...

CVSS 6.1 | AI score 7.3 | EPSS 0.00127
Exploits: 2

Hacker One
added 2023/09/19 9:41 a.m. | 36 views

curl: NULL Pointer dereference in idn.c

Vulnerability description not provided...

AI score 7.1
Exploits: 0

NVD
added 2023/09/18 12:15 p.m. | 5 views

CVE-2023-42359

SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php...

CVSS 9.8 | AI score 10 | EPSS 0.00269
Exploits: 1 | References: 1

Prion
added 2023/09/18 12:15 p.m. | 19 views

Sql injection

SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php...

CVSS 7.5 | AI score 9.9 | EPSS 0.00269
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/09/18 12:0 a.m. | 10 views

CVE-2023-42359

SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php...

AI score 10 | EPSS 0.00269
Exploits: 1 | References: 1

OSV
added 2023/09/13 8:15 p.m. | 0 views

CVE-2023-40850

netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

ATTACKERKB
added 2023/09/13 8:15 p.m. | 1 views

CVE-2023-40850

netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway...

CVSS 7.5 | AI score 5.8 | EPSS 0.00731
Exploits: 1 | References: 2

NVD
added 2023/09/13 8:15 p.m. | 10 views

CVE-2023-40850

netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway...

CVSS 7.5 | AI score 7.6 | EPSS 0.00731
Exploits: 1 | References: 1

Prion
added 2023/09/13 8:15 p.m. | 11 views

Improper access control

netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway...

CVSS 5 | AI score 7.5 | EPSS 0.00731
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2023/09/13 12:0 a.m. | 3 views

PT-2023-27675 · Netentsec · Netentsec Ns-Asg

Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3. Description: The issue is related to Incorrect Access Control, with a file leak found in the website source code of the application security gateway. Recommendations: For netentsec NS-ASG version 6.3, consider...

CVSS 7.5 | AI score 7.1 | EPSS 0.00731
Exploits: 1 | References: 5

Cvelist
added 2023/09/13 12:0 a.m. | 13 views

CVE-2023-40850

netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway...

AI score 7.8 | EPSS 0.00731
Exploits: 1 | References: 1

Vulnrichment
added 2023/09/13 12:0 a.m. | 9 views

CVE-2023-40850

netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway...

AI score 7.1 | EPSS 0.00731
Exploits: 1 | References: 1

CVE
added 2023/09/13 12:0 a.m. | 29 views

CVE-2023-40850

CVE-2023-40850 affects netentsec NS-ASG 6.3 (application security gateway). The issue is an Incorrect Access Control allowing leakage of the website source code files. Based on sources, this is described as a file disclosure risk within NS-ASG’s website source and is associated with version 6.3. ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00731
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2023/09/13 12:0 a.m. | 3 views

Netcon NS-ASG Security Vulnerability

Netcon NS-ASG is an application security gateway from China Netcon Technology Netcon. A security vulnerability exists in Netcon NS-ASG version 6.3, which stems from vulnerability to incorrect access control and file disclosure of the Application Security Gateway website source code...

CVSS 7.5 | AI score 6.7 | EPSS 0.00731
Exploits: 1 | References: 3

ATTACKERKB
added 2023/09/11 7:15 p.m. | 2 views

CVE-2023-31069

An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page...

CVSS 9.8 | AI score 6 | EPSS 0.01135
Exploits: 3 | References: 3

NVD
added 2023/09/11 7:15 p.m. | 13 views

CVE-2023-31069

An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page...

CVSS 9.8 | AI score 9.5 | EPSS 0.01135
Exploits: 3 | References: 2