60 matches found
CVE-2022-23642
Sourcegraph prior to 3.37 is vulnerable to remote code execution in the gitserver service due to insufficient restriction on git config execution. The issue arises when an attacker who can access internal gitserver HTTP endpoints can set the git core.sshCommand option, causing git to execute arbi...
Sourcegraph 代码注入漏洞
Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. Sourcegraph is vulnerable to a code injection vulnerability that could be exploited by attackers to cause remote code execution...
CVE-2022-23643
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...
Code injection
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...
CVE-2021-43823
Sourcegraph before version 3.33.2 is affected by a side-channel vulnerability in the Saved Searches and Code Monitoring features. An authenticated but unauthorized actor could create many Saved Searches or Code Monitors to infer whether specific strings exist in private source code, potentially e...
CVE-2021-32787
CVE-2021-32787 affects Sourcegraph before version 3.30.0. The vulnerability exposes information in the site-admin area to regular users, leaking daily usage statistics and code intelligence uploads/indexes while not allowing alteration of other features. The root cause is improper access to site-...
CVE-2017-15381
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php aka the zip code search script...
Sql injection
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php aka the zip code search script...
CVE-2017-15381
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php aka the zip code search script...
CVE-2017-15381
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php aka the zip code search script...
E-Sic Software livre CMS - f SQL Injection
E-Sic Software livre CMS - f SQL Injection Exploit Title: E-Sic Software livre CMS - Sql Injection Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...
E-Sic Software livre CMS - 'f' SQL Injection
Exploit Title: E-Sic Software livre CMS - Sql Injection Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...
compteur 2.0 - (param_editor.php) Remote File Include Vulnerability
No description provided by source. Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You...
CVE-2013-4489
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature...
Design/Logic Flaw
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature...
CVE-2013-4489
Removed by vendor...
GitLab Grit Gem for Ruby contains a flaw
GitLab Grit Gem for Ruby contains a flaw in the app/contexts/searchcontext.rb script. The issue is triggered when input passed via the code search box is not properly sanitized, which allows strings to be evaluated by the Bourne shell. This may allow a remote attacker to execute arbitrary command...
Add warning to Shared Dashboards explaining consequence of 'everyone'
In JRA-22207, a warning was added to the "Shared Filters" page explaining what "Everyone" actually means. The "Shared Dashboards" screen also needs this warning. Please also search in the code for anywhere else this permissions-setting control is used...
Add warning to Shared Dashboards explaining consequence of 'everyone'
In JRA-22207, a warning was added to the "Shared Filters" page explaining what "Everyone" actually means. The "Shared Dashboards" screen also needs this warning. Please also search in the code for anywhere else this permissions-setting control is used...
phpIncludes.txt
Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You can use regex in your research, th...