17 matches found
Malicious code in customerdigital-ui-components-lib (npm)
Source: amazon-inspector 70a8c957edf16da956a7859c7a0e1d8accbe84824b88f1f19f70a01acd07b729 The package customerdigital-ui-components-lib was found to contain malicious code. Source: ghsa-malware...
EUVD-2019-2126
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-10065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result...
CVE-2019-10065
An issue was discovered in Open Ticket Request System OTRS 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753...
CVE-2019-13457
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets with the same CustomerID, even when the CustomerDisableCompanyTicketAccess setting is turned on...
CVE-2019-16375
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious...
CVE-2019-13457
OTRS vulnerability CVE-2019-13457: Affects Open Ticket Request System (OTRS) 7.0.x–7.0.8. A customer user could disclose information from their own “company” tickets via search results, even when CustomerDisableCompanyTicketAccess is enabled. Root cause is information disclosure within ticket sea...
CVE-2019-13457
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets with the same CustomerID, even when the CustomerDisableCompanyTicketAccess setting is turned on...
CVE-2019-10065
An issue was discovered in Open Ticket Request System OTRS 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753...
CVE-2019-10065
An issue was discovered in Open Ticket Request System OTRS 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753...
UBUNTU-CVE-2019-10065
An issue was discovered in Open Ticket Request System OTRS 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753...
CVE-2019-10065
CVE-2019-10065 concerns Open Ticket Request System (OTRS) versions 7.0 through 7.0.6. The vulnerability enables an attacker who is logged in as a customer to use search result screens to disclose information from internal FAQ articles, representing an information-disclosure flaw distinct from CVE...
CVE-2019-10065
An issue was discovered in Open Ticket Request System OTRS 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753...
CVE-2019-9753
OTRS 7.x before 7.0.5 has an information disclosure vulnerability (CVE-2019-9753). An authenticated user (agent or customer) can use search result screens to disclose data from internal entities: Custom Pages, FAQ Articles, Service Catalogue Items, and ITSM Configuration Items. Root cause: inform...
Sendroid 5.2 - SQL Injection
Exploit Title: Sendroid - Bulk SMS Portal, Marketing v5.2 Script - SQL Injection; Google Dork: N/A; Date: 09.02.2017; Vendor Homepage: http://ynetinteractive.com/; Software Buy: https://codecanyon.net/item/sendroid-bulk-sms-portal-marketing-2way-messaging-script-with-mobile-app/14657225; Demo:...
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities
No description provided by source. Title: ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities; Date: 2012-11-15; References: http://www.vulnerability-lab.com/getcontent.php?id=689; VL-ID: 689; Common Vulnerability Scoring System: ...
It's possible to browse project names when using Issue Security Scheme.
A customer user is set up and only allowed to see "External" issues. - The user is added as project role "Customers" in project "X". - The project got Issue Security Scheme "Customers". Internal / External When logging in as the customer user, you can only see the External issues within this...