17 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-8208

Malware in sbrugna...

CVSS 6.1 · AI score 6.1 · EPSS 0.00443
Exploits 0 · References 4

OSV
added 2022/05/24 5:29 p.m. · 15 views

GHSA-9HG7-XMF8-JXF9 Stored XSS vulnerability in Jenkins Liquibase Runner Plugin

Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents when showing them on the build page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide Liquibase changesets evaluated by the plugin. Liquibase Runner Plugin 1.4.7 no...

CVSS 5.4 · AI score 5.2 · EPSS 0.00233
Exploits 0 · References 5

Prion
added 2021/01/18 8:15 p.m. · 12 views

Design/Logic Flaw

An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues either marked as Private, or part of a private Project, if they are attached to an existing Changeset. The information is visible on the view.php...

CVSS 5 · AI score 5.3 · EPSS 0.00232
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2020/09/23 12:00 a.m. · 1 view

PT-2020-15512 · Jenkins · Jenkins Liquibase Runner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Liquibase Runner Plugin versions 1.4.5 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the plugin does not escape changeset contents when showing them on the build pag...

CVSS 5.4 · AI score 5.2 · EPSS 0.00233
Exploits 0 · References 7

Positive Technologies
added 2020/09/23 12:00 a.m. · 4 views

PT-2020-15513 · Jenkins · Jenkins Liquibase Runner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Liquibase Runner Plugin versions 1.4.5 and earlier Description: The issue allows attackers to provide crafted XML files that use external entities for extraction of secrets from the Jenkins controller or server-side request forgery...

CVSS 7.1 · AI score 6.8 · EPSS 0.00066
Exploits 0 · References 6

CNVD
added 2018/09/04 12:00 a.m. · 5 views

MantisBT Source Integration Plugin Cross-Site Scripting Vulnerability

MantisBT is a web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services through web operations. Source Integration is one of its plugins, used for source code control integration. A cross-site scripting...

CVSS 6.1 · AI score 6.3 · EPSS 0.00443
Exploits 0 · References 1

Prion
added 2018/09/02 10:29 p.m. · 12 views

Cross site scripting

An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php...

CVSS 4.3 · AI score 6.3 · EPSS 0.00443
Exploits 0 · References 3 · Affected Software 1

CVE
added 2018/09/02 10:00 p.m. · 40 views

CVE-2018-16362

CVE-2018-16362 affects the Source Integration plugin for MantisBT, vulnerable in versions prior to 1.5.9 and 2.x prior to 2.1.5. The issue is a cross-site scripting (XSS) flaw on the Manage Repository and Changesets List pages, exploitable to run arbitrary code if CSP settings permit it via repo_...

CVSS 6.1 · AI score 6.1 · EPSS 0.00443
Exploits 0 · References 3 · Affected Software 1

OSV
added 2016/04/12 2:59 p.m. · 3 views

CVE-2015-8473

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects...

CVSS 4.3 · AI score 6.9
Exploits 0 · References 8

OSV
added 2016/04/12 2:59 p.m. · 1 view

UBUNTU-CVE-2015-8473

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects...

CVSS 4.3 · AI score 6.1 · EPSS 0.00465
Exploits 0 · References 6

Fedora
added 2010/03/30 2:21 a.m. · 8 views

[SECURITY] Fedora 12 Update: trac-0.11.7-1.fc12

Trac is an integrated system for managing software projects, an enhanced wiki, a flexible web-based issue tracker, and an interface to the Subversion revision control system. At the core of Trac lies an integrated wiki and issue/bug database. Using wiki markup, all objects managed by Trac can...

AI score 2.1
Exploits 0

securityvulns
added 2010/01/26 12:00 a.m. · 43 views

Silverstripe <= v2.3.4: two XSS vulnerabilities

Silverstripe CMS, http://silverstripe.org/, version 2.3.4 and lower and its unreleased 2.4 branch, is vulnerable to two Cross Site Scripting issues. 1. The comment posting mechanism of Silverstripe 'PostCommentForm' fails to properly sanitize the...

AI score 0.4
Exploits 0

Packet Storm
added 2010/01/22 12:00 a.m. · 23 views

Silverstripe CMS 2.3.4 Cross Site Scripting

Silverstripe CMS, , version 2.3.4 and lower and its unreleased 2.4 branch, is vulnerable to two Cross Site Scripting issues. 1. The comment posting mechanism of Silverstripe 'PostCommentForm' fails to properly sanitize the 'CommenterURL' parameter...

AI score 7.4
Exploits 0

UbuntuCve
added 2007/09/21 7:17 p.m. · 13 views

CVE-2007-4066

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.ex...

CVSS 4.3 · AI score 6 · EPSS 0.01299
Exploits 0 · References 4

Prion
added 2007/09/21 7:17 p.m. · 12 views

Buffer overflow

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.ex...

CVSS 4.3 · AI score 6.9 · EPSS 0.01299
Exploits 0 · References 25 · Affected Software 1

Cvelist
added 2007/09/21 6:00 p.m. · 17 views

CVE-2007-4066

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.ex...

AI score 6.7 · EPSS 0.01299
Exploits 0 · References 25

CVE
added 2007/09/21 6:00 p.m. · 57 views

CVE-2007-4066

CVE-2007-4066 concerns multiple buffer overflows in libvorbis (pre-1.2.0) that can be triggered by a crafted OGG file, enabling a context-dependent attacker to cause denial of service or other unspecified impact. The vulnerability stems from an overflow in oggenc.exe related to the _psy_noiseguar...

CVSS 4.3 · AI score 6.7 · EPSS 0.01299
Exploits 0 · References 25 · Affected Software 1