928 matches found
Security update for nsd (moderate)
openSUSE Security Update: Security update for nsd. Announcement ID: openSUSE-SU-2020:2222-1. Rating: moderate. References: 1157331, 1179191. Cross-References: CVE-2019-13207, CVE-2020-28935. Affected Products: openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Backports SLE-15-SP2, openSUSE Backports...
HackerOne: Security@ email forwarding and Embedded Submission drafts can be used to obtain copy of deleted attachments from other HackerOne users
HackerOne has a number of ways for hackers to submit security vulnerabilities to a program, two of which are through an embedded submission form and through security@ email forwarding. These two features can be exploited to update a report draft created through security@ email forwarding that doe...
Basecamp: stored XSS in hey.com message content
Hi, I found a stored XSS using the messagecontent parameter when forwarding an email or saving it as a draft, and when the victim clicks on the email to view it, it gets executed. I used this payload as the message content: From: "f" To: [email protected] Message-ID: Subject:...
Unspecified Vulnerability in JetBrains YouTrack
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability is present in versions of JetBrains YouTrack prior to 2020.2.6881. ...
CVE-2020-15821
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft...
CVE-2020-15821
In YouTrack prior to 2020.2.6881, a user lacking the necessary permissions could create an article draft. This vulnerability (CVE-2020-15821) affects YouTrack versions up to and including 2020.2.6880, with the remediation implemented in 2020.2.6881 as noted in JetBrains’ Q2 2020 security bulletin...
CVE-2020-9309
Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example, HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...
Topcoder: IDOR on deleting drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action via discardDraftId parameter
Hi: On https://apps.topcoder.com/wiki/users/viewmydrafts.action, you can see your drafts, edit or delete them. Users can delete their own drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action?discardDraftId=. But there is no check and an attacker can change discardDraftId and delete...
A vulnerability in the WordPress website content management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to compromise the integrity of data.
The vulnerability in the WordPress content management system is related to an error in the reproduction of XSS attacks when previewing draft posts for authorized users. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of data...
Access to all question drafts in private spaces via API
Issue Summary: Questions leak information through private space https://asecurityteam.atlassian.net/browse/BOUNTY-2559 Steps to Reproduce: Access to questions in spaces is limited to those users that have access to the space. However, question drafts in a restricted space can be accessed by...
NFL Tackles Cybersecurity Concerns Ahead of 2020 Draft Day
The NFL draft is slated to start Thursday, and thanks to the COVID-19 pandemic, it will be the first virtual version of the event ever presented. This raises a few cybersecurity concerns, according to researchers and the teams themselves — but the NFL is planning on knocking the security ball...
CVE-2020-1767
Agent A is able to save a draft i.e. for customer reply. Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: OTRS Community Edition 6.0.x version...
DEBIAN-CVE-2020-1767
Agent A is able to save a draft i.e. for customer reply. Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: OTRS Community Edition 6.0.x version...
UBUNTU-CVE-2020-1767
Agent A is able to save a draft i.e. for customer reply. Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: OTRS Community Edition 6.0.x version...
PT-2020-15044 · Otrs +1 · Otrs Community Edition +2
Name of the Vulnerable Software and Affected Versions: OTRS Community Edition versions 6.0.24 and prior versions; OTRS versions 7.0.13 and prior versions. Description: The issue allows one agent to send a message in the name of another agent, without the customer being aware of the change. This is...