109 matches found
Plone Arbitrary File Read
atdownload.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs Files and Images stored on custom content types via a crafted URL...
CVE-2022-0687
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role...
GitLab Cross-Site Scripting Vulnerability (CNVD-2021-31225)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in the blobs...
CVE-2020-13271
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...
CVE-2020-13271
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...
Cross site scripting
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...
UBUNTU-CVE-2020-13271
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...
CVE-2020-13271
Removed by vendor...
PT-2020-13412 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 13.0.1 Description: A Stored Cross-Site Scripting issue allows the execution of arbitrary Javascript code in the blobs API. Recommendations: For versions prior to 13.0.1, update to version 13.0.1 or later to...
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2019-1668)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2019-1720)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GitLab Command Injection Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. A command...
CVE-2019-15575
A command injection exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope...
Command injection
A command injection exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope...
CVE-2019-15575
A command injection exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope...
CVE-2019-15575
Removed by vendor...
EulerOS 2.0 SP2 : sqlite (EulerOS-SA-2019-1720)
According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a...
EulerOS 2.0 SP5 : sqlite (EulerOS-SA-2019-1668)
According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a...
EulerOS Virtualization 2.5.3 : sqlite (EulerOS-SA-2019-1275)
According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - osunix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to...
NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash
nss: CERTDecodeCertPackage crash with Netscape Certificate Sequences I noticed that the main entrypoint for decoding DER blobs in NSS, CERTDecodeCertPackage, actually handles multiple formats including PEM, PKCS7, and old Netscape Certificate Sequences. You can generate a Netscape Certificate...