GHSA-QJXF-6PR8-J87V Plone's authenticated users able to alter their password despite of policy definition

mailpassword.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality...

GHSA-9CRX-P357-5VW8 Ajenti Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in plugins/main/content/js/ajenti.coffee in Ajenti before 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality...

Netflix Security Monkey Open Redirect vulnerability

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...

GHSA-J6JQ-3Q8P-XGG6 Netflix Security Monkey Open Redirect vulnerability

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...

GHSA-RMMF-5XHH-GG27 phpMyAdmin path disclosure

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

TYPO3 Directory Traversal vulnerability

Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."...

GHSA-FRQH-X6R7-H6MQ Cross-site Scripting in Apache Atlas

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality...

Cross-site Scripting in Apache Atlas

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality...

GHSA-FV3C-6CW7-2QCQ Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery

Jenkins Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy acti...

NVIDIA nvwgf2umx_cfg.dll shader DCL_INDEXRANGE memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLINDEXRANGE functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable/shader file can lead to memory corruption. This vulnerability potentially could be triggered from guest machines running...

YearnTokenAdapter's wrap can become stuck as it uses one step approval for an arbitrary underlying

Lines of code Vulnerability details Some tokens do not allow for approval of positive amount when allowance is positive already to handle approval race condition, most known example is USDT. This can cause the function to stuck whenever a combination of such a token and leftover approval be met...

SimpleSAMLphp saml2 incorrect signature validation

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

Airbnb Knowledge Repo XSS In Comments

Cross-site scripting XSS vulnerability in Airbnb Knowledge Repo prior to 0.9.0 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/newreport.kp URI...

Improper access control

A vulnerability in Mitel 6900 Series IP MiNet phones excluding 6970, versions 1.8 1.8.0.12 and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploi...

GHSA-JP4G-R8C9-3534 Moodle Blind SSRF Risk in /badges/mybackpack.php

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page...

GHSA-236H-R3W7-C85C Cross-site Scripting in Apache Atlas

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality...

Moodle vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in the course-tags functionality in tag/coursetagsmore.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 sort or 2 show parameter...

GHSA-3RQJ-JCHW-9CC7 Moodle Authentication Bypass in Question-Bank

The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a savequestion action...

Moodle Users Can Bypass Deleted Status

The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token...

GHSA-CR78-RPHW-W73P Moodle Arbitrary File Read via Backup Functionality

The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration...