
60 matches found

CVE
added 2022/02/18 10:15 p.m. | 177 views

CVE-2022-23642

Sourcegraph prior to 3.37 is vulnerable to remote code execution in the gitserver service due to insufficient restriction on git config execution. The issue arises when an attacker who can access internal gitserver HTTP endpoints can set the git core.sshCommand option, causing git to execute arbi...

CVSS 8.8 | AI score 8.8 | EPSS 0.7431
Exploits: 8 | References: 4 | Affected Software: 1
CNNVD
added 2022/02/18 12:0 a.m. | 42 views

Sourcegraph Code Injection Vulnerability

Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. Sourcegraph is vulnerable to a code injection vulnerability that could be exploited by attackers to cause remote code execution...

CVSS 8.8 | AI score 6.2 | EPSS 0.7431
Exploits: 8 | References: 11
NVD
added 2022/02/15 10:15 p.m. | 32 views

CVE-2022-23643

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerability in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...

CVSS 6.5 | EPSS 0.00789
Exploits: 0 | References: 2
Prion
added 2022/02/15 10:15 p.m. | 19 views

Code injection

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerability in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...

CVSS 4 | AI score 6.3 | EPSS 0.00837
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/12/13 7:55 p.m. | 57 views

CVE-2021-43823

Sourcegraph before version 3.33.2 is affected by a side-channel vulnerability in the Saved Searches and Code Monitoring features. An authenticated but unauthorized actor could create many Saved Searches or Code Monitors to infer whether specific strings exist in private source code, potentially e...

CVSS 6.5 | AI score 6.3 | EPSS 0.00837
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/08/02 10:0 p.m. | 49 views

CVE-2021-32787

CVE-2021-32787 affects Sourcegraph before version 3.30.0. The vulnerability exposes information in the site-admin area to regular users, leaking daily usage statistics and code intelligence uploads/indexes while not allowing alteration of other features. The root cause is improper access to site-...

CVSS 4.3 | AI score 4.3 | EPSS 0.00649
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2017/10/23 8:29 a.m. | 4 views

CVE-2017-15381

SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php aka the zip code search script...

CVSS 9.8 | AI score 5.9 | EPSS 0.01482
Exploits: 1 | References: 1
Prion
added 2017/10/23 8:29 a.m. | 12 views

Sql injection

SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php aka the zip code search script...

CVSS 7.5 | AI score 9.8 | EPSS 0.01482
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2017/10/23 8:29 a.m. | 13 views

CVE-2017-15381

SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php aka the zip code search script...

CVSS 9.8 | AI score 9.9 | EPSS 0.01482
Exploits: 1 | References: 1
Cvelist
added 2017/10/23 8:0 a.m. | 19 views

CVE-2017-15381

SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php aka the zip code search script...

AI score 9.9 | EPSS 0.01482
Exploits: 1 | References: 1
exploitpack
added 2017/10/12 12:0 a.m. | 17 views

E-Sic Software livre CMS - f SQL Injection

E-Sic Software livre CMS - f SQL Injection Exploit Title: E-Sic Software livre CMS - Sql Injection Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...

AI score 0.3
Exploits: 0
Exploit DB
added 2017/10/12 12:0 a.m. | 23 views

E-Sic Software livre CMS - 'f' SQL Injection

Exploit Title: E-Sic Software livre CMS - Sql Injection Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...

AI score 7.4
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

compteur 2.0 - (param_editor.php) Remote File Include Vulnerability

No description provided by source. Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You...

AI score 7.1
Exploits: 0
NVD
added 2014/05/17 8:55 p.m. | 24 views

CVE-2013-4489

The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature...

CVSS 6.5 | AI score 6.9 | EPSS 0.01411
Exploits: 0 | References: 1
Prion
added 2014/05/17 8:55 p.m. | 26 views

Design/Logic Flaw

The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature...

CVSS 6.5 | AI score 7.4 | EPSS 0.01411
Exploits: 0 | References: 1 | Affected Software: 1
Debian CVE
added 2014/05/17 8:0 p.m. | 25 views

CVE-2013-4489

Removed by vendor...

CVSS 6.5 | AI score 5.8 | EPSS 0.01411
Exploits: 0
RubySec
added 2013/11/04 12:0 a.m. | 20 views

GitLab Grit Gem for Ruby contains a flaw

GitLab Grit Gem for Ruby contains a flaw in the app/contexts/searchcontext.rb script. The issue is triggered when input passed via the code search box is not properly sanitized, which allows strings to be evaluated by the Bourne shell. This may allow a remote attacker to execute arbitrary command...

CVSS 6.5 | AI score 7.3 | EPSS 0.01411
Exploits: 0 | References: 1 | Affected Software: 1
Atlassian
added 2010/12/30 3:6 a.m. | 21 views

Add warning to Shared Dashboards explaining consequence of 'everyone'

In JRA-22207, a warning was added to the "Shared Filters" page explaining what "Everyone" actually means. The "Shared Dashboards" screen also needs this warning. Please also search in the code for anywhere else this permissions-setting control is used...

AI score 1.3
Exploits: 0 | Affected Software: 1
Atlassian
added 2010/12/30 3:6 a.m. | 18 views

Add warning to Shared Dashboards explaining consequence of 'everyone'

In JRA-22207, a warning was added to the "Shared Filters" page explaining what "Everyone" actually means. The "Shared Dashboards" screen also needs this warning. Please also search in the code for anywhere else this permissions-setting control is used...

AI score 1.3
Exploits: 0 | Affected Software: 1
Packet Storm
added 2006/10/12 12:0 a.m. | 22 views

phpIncludes.txt

Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You can use regex in your research, th...

AI score 7.4
Exploits: 0