Lucene search

18 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-1084

Malware in sbrugna...

CVSS: 7.5 | AI score: 4.2 | EPSS: 0.00246
Exploits: 0 | References: 5

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in gitter-irc-bridge (npm)

The package gitter-irc-bridge was found to contain malicious code...

AI score: 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 0 views

MAL-2025-21494 Malicious code in gitter-irc-bridge (npm)

The package gitter-irc-bridge was found to contain malicious code...

AI score: 7.2
Exploits: 0

RedhatCVE
added 2025/05/22 9:34 a.m. | 5 views

CVE-2015-10071

A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitati...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00246
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:3 a.m. | 4 views

CVE-2014-5023

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command...

CVSS: 6.8 | AI score: 8 | EPSS: 0.03777
Exploits: 1 | References: 1

NVD
added 2023/01/19 10:15 a.m. | 13 views

CVE-2015-10071

A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitati...

CVSS: 7.5 | AI score: 5 | EPSS: 0.00246
Exploits: 0 | References: 4

Prion
added 2023/01/19 10:15 a.m. | 16 views

Design/Logic Flaw

A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitati...

CVSS: 5 | AI score: 7.2 | EPSS: 0.00246
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2023/01/19 9:22 a.m. | 38 views

CVE-2015-10071

CVE-2015-10071 affects gitter-badger ezpublish-modern-legacy. The vulnerability involves the file kernel/user/forgotpassword.php, causing weak password recovery due to a flawed handling. Exploitation is described as difficult with high complexity and requires no user interaction; attack vector is...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00246
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2023/01/19 9:22 a.m. | 16 views

CVE-2015-10071 gitter-badger ezpublish-modern-legacy forgotpassword.php password recovery

A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitati...

CVSS: 2.6 | AI score: 7.7 | EPSS: 0.00246
Exploits: 0 | References: 4

Spring Engineering
added 2022/12/23 12:0 a.m. | 21 views

Spring Boot 3.0.1 available now

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.0.1 has been released and is now available from Maven Central. This release includes 54 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with iss...

AI score: 1.1
Exploits: 0

Github Security Blog
added 2022/01/27 3:23 p.m. | 29 views

Authentication Bypass in ADOdb/ADOdb

Impact An attacker can inject values into a PostgreSQL connection string by providing a parameter surrounded by single quotes. Depending on how the library is used in the client software, this may allow an attacker to bypass the login process, gain access to the server's IP address, etc. Patches...

CVSS: 9.1 | AI score: 8.7 | EPSS: 0.00274
Exploits: 1 | References: 9 | Affected Software: 1

OSV
added 2022/01/27 3:23 p.m. | 20 views

GHSA-65MJ-7C86-79JF Authentication Bypass in ADOdb/ADOdb

Impact An attacker can inject values into a PostgreSQL connection string by providing a parameter surrounded by single quotes. Depending on how the library is used in the client software, this may allow an attacker to bypass the login process, gain access to the server's IP address, etc. Patches...

CVSS: 9.1 | AI score: 9.1 | EPSS: 0.00274
Exploits: 1 | References: 9

Kitploit
added 2020/09/03 12:30 p.m. | 37 views

Bbrecon - Python Library And CLI For The Bug Bounty Recon API

Bug Bounty Recon bbrecon is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet "safe harbor" attack surface, excluding out-of-scope targets. It comes with an ergonomic CLI and Python library. This...

AI score: 7.3
Exploits: 0 | References: 2

Github Security Blog
added 2020/04/20 9:31 p.m. | 112 views

SQL injection in Tortoise ORM

Impact: Various forms of SQL injection have been found, for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL were only affected when filtering with contains, startswith or endswith filters and their case-insensitive counterparts. Patches: Please upgrade to 0.15.2...

CVSS: 8.8 | AI score: 3 | EPSS: 0.00245
Exploits: 0 | References: 5 | Affected Software: 1

Hacker One
added 2019/02/11 7:7 a.m. | 29 views

GitLab: Inadequate cache control in gitter allows to view private chat room

Hi Gitlab, Summary: I have found an inadequate cache control vulnerability in Gitter. Description: You can use the backspace button to get the full access to the account. There is no cache control and the browser saves sensitive information of a private chat room. This report is influenced by the...

AI score: 0.7
Exploits: 0

NVD
added 2014/07/22 2:55 p.m. | 7 views

CVE-2014-5023

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command...

CVSS: 6.8 | AI score: 7.6 | EPSS: 0.03777
Exploits: 1 | References: 1

Cvelist
added 2014/07/22 2:0 p.m. | 14 views

CVE-2014-5023

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command...

AI score: 7.6 | EPSS: 0.03777
Exploits: 1 | References: 1

CVE
added 2014/07/22 2:0 p.m. | 37 views

CVE-2014-5023

CVE-2014-5023 : In Gitter (as used by Gitlist), Repository.php allowed remote attackers with commit privileges to run arbitrary commands via shell metacharacters in a branch name, e.g., using a malicious "git checkout -b". The NVD entry lists a MEDIUM 6.8 CVSS score. Connected sources (Red Hat, C...

CVSS: 6.8 | AI score: 7.9 | EPSS: 0.03777
Exploits: 1 | References: 1 | Affected Software: 1