14 matches found
EUVD-2020-2539
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-10074
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link...
BIT-GITLAB-2020-10074
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link...
CVE-2023-34357 Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link is sent out through e-mail, and the link remains valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has...
Acronis: Any expired reset password link can still be used to reset the password
Hello Acronis team! When requesting a password reset link at https://alt.5nine.com/passwordrecovery.aspx and using it, after a short time the link becomes invalid. When I open the link I get the message: "Your validation request is invalid or expired". But it is still possible to use it to reset th...
Hitachi Content Platform Anywhere (HCP-AW) Information Disclosure Vulnerability
Hitachi Content Platform Anywhere (HCP-AW) is a fully integrated on-premise solution from Hitachi, Japan, for providing secure file synchronization and sharing services. An information disclosure vulnerability exists in Hitachi Content Platform Anywhere HCP-AW versions 4.4.5 and earlier, which can ...
Sixt GmbH & Co. Autovermietung KG BBP: Cross domain token leakage via Referer header
Summary: The password reset link of a user account on the critical sixt+ domain/product can be obtained using the page https://www.sixt.com/php/profile/loginorpasswordforgotten. This page requires the email address and surname/last name of the user to send the password reset link by email. This link contains th...
GitLab Access Control Error Vulnerability (CNVD-2020-17386)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An access control error vulnerability exists in GitLab 10.1 - 12.8.1. An attacker can exploit this...
CVE-2020-10074
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link...
CVE-2020-10074
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link...
Design/Logic Flaw
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link...
UBUNTU-CVE-2020-10074
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link...
CVE-2020-10074
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link...
CVE-2020-10074
Removed by vendor...