29 matches found
Arbitrary Argument Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Argument Injection via the tag deletion. An attacker can execute arbitrary git options by supplying a crafted tag name when triggering the deletion, potentially causing unintended behavior or disruption of the underlying...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the synchronization process when a repository file is deleted prior to synchronization. An attacker can cause the application to crash by deleting a repository file before synchronization as an authenticated...
EUVD-2021-2561
Malware in sbrugna...
EUVD-2009-0984
Malware in sbrugna...
Insufficient Session Expiration
Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...
CVE-2016-10768
cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades SEC-161...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection through the registration of user-defined functions (UDFs) from untrusted sources. An attacker with the privilege to create UDFs can execute arbitrary code by registering a malicious function. Remediation: Upgrade...
GHSA-WH34-M772-5398 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
Impact: In getdocument.vm, the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashe...
CVE-2024-8658
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...
CVE-2024-8658 myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...
CVE-2024-8658
CVE-2024-8658 affects the myCred – Loyalty Points and Rewards plugin for WordPress/WooCommerce (versions up to and including 2.7.3). The issue is a missing capability check in the mycred_update_database() function, allowing unauthenticated attackers to perform an unauthorised database upgrade. Mi...
Debian DLA-1151-2 : wordpress regression update
The fix for CVE-2017-14990 issued as DLA-1151-1 was incomplete and caused a regression. It was discovered that an additional database upgrade and further code changes would be necessary. At the moment these changes are deemed as too intrusive and thus the initial patch for CVE-2017-14990 has been...
Description of the security update for SharePoint Enterprise Server 2016: October 10, 2017
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, s...
openSUSE Security Update : cacti (openSUSE-2015-221)
cacti was updated to version 0.8.8c boo920399. This update fixes four vulnerabilities and adds some compatible features. Security fixes not previously patched: CVE-2014-2326 - XSS issue via CDEF editing; CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability; CVE-2014-2328 - Remote...
Backup Catalog Service does not start. Error "Can't upgrade database in readonly maintenance mode!"
Challenge: This KB applies only if the "Veeam Backup Enterprise Manager" service is present. The "Veeam Backup Catalog Data Service" will not start, and the following error is found in Event Viewer: "Service cannot be started. Veeam.Backup.Common.CRegeneratedTraceException: Failed to start service...
Debian Security Advisory DSA 2671-1 (request-tracker4 - several vulnerabilities)
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4733 A user with the ModifyTicket right can bypass the DeleteTicket right or any custom...
DSA-2670-1 request-tracker3.8 - several
Bulletin has no description...
Debian: Security Advisory (DSA-2670-1)
The remote host is missing an update for the Debian...
CVE-2011-1390
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature...