359 matches found
Code injection
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...
CVE-2010-5108
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...
CVE-2010-5108
The provided connected documents confirm a concrete vulnerability: Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. The root cause is an improper permission check during workflow transitions, which could let an attacker change a ticket’s status and resolution wi...
CVE-2010-5108
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...
CVE-2008-5646
Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."...
CloudBees Jenkins Trac Publisher Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Trac Publisher Plugin is used in one of...
CVE-2019-1003067
Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003067
Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003067
CVE-2019-1003067 describes a credential exposure in the Jenkins Trac Publisher Plugin where credentials are stored in plaintext in job config.xml on the Jenkins master/controller. The root cause is unencrypted credential storage in the plugin’s configuration files, making credentials viewable by ...
CVE-2019-1003067
Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
trac-fund.com XSS vulnerability
Open Bug Bounty ID: OBB-452924 Description| Value ---|--- Affected Website:| trac-fund.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat She...
Nextcloud: Lost Password CSRF
Hi, I think it is something about your Wordpress version.It's not something highy risky bu it is vulnerability. CODE: Username or Email For testing CSRF I added the .html file to attachments.And there is a screenshot for you. How To Fix : Adding rpkey will be fine. Please take a look at links bel...
[SECURITY] Fedora 21 Update: libreport-2.3.0-10.fc21
Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...
[SECURITY] Fedora 23 Update: libreport-2.6.3-1.fc23
Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...
[SECURITY] Fedora 22 Update: libreport-2.6.3-1.fc22
Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...
[SECURITY] Fedora 21 Update: libreport-2.3.0-8.fc21
Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...
[SECURITY] Fedora 22 Update: libreport-2.6.0-1.fc22
Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The numerous vulnerabilities in the trac-git package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress MailPoet wysija-newsletters Unauthenticated File Upload', 'Description' = %q The Wordpress plugin "MailPoet Newsletters"...