27 matches found
EUVD-2024-24826
Malicious code in bioql PyPI...
EUVD-2024-24824
Malicious code in bioql PyPI...
CVE-2024-29399
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component...
CVE-2024-27630
Insecure Direct Object Reference IDOR in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackersdatadeletefile function...
CVE-2024-27632
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the formid in the formheader function...
CVE-2024-27631
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...
CVE-2024-29399
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component...
CVE-2024-29399
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component...
CVE-2024-29399
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component...
PT-2024-22879 · Gnu · Gnu Savane
Name of the Vulnerable Software and Affected Versions: GNU Savane versions 3.13 and earlier Description: An issue allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the "upload.php" component. Recommendations: For GNU Savane versions 3.13 and earlier,...
GNU Savane Security Vulnerability
GNU Savane is a collaborative software development management system for the US GNU community. A security vulnerability exists in GNU Savane v.3.13 and earlier versions, which stems from a vulnerability that could allow a remote attacker to execute arbitrary code and escalate privileges via a...
GNU Savane Cross-Site Request Forgery Vulnerability
GNU Savane is a collaborative software development management system for the US GNU community. GNU Savane suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately verify that a request is from a trusted user. No details of the vulnerabili...
GNU Savane Insecure Direct Object Reference Vulnerability
GNU Savane is a collaborative software development management system for project management, code hosting and community collaboration. GNU Savane suffers from an insecure direct object reference vulnerability that arises from an application that does not properly implement access control mechanis...
GNU Savane Elevation of Privilege Vulnerability
GNU Savane is a collaborative software development management system developed by the GNU community for project management, code hosting and community collaboration. GNU Savane suffers from an elevation of privilege vulnerability, which originates in the formid in the formheader function and can ...
CVE-2024-27632
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the formid in the formheader function...
CVE-2024-27631
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...
CVE-2024-27631
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php...
CVE-2024-27630
Insecure Direct Object Reference IDOR in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackersdatadeletefile function...
CVE-2024-27630
Insecure Direct Object Reference IDOR in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackersdatadeletefile function...
PT-2024-21979
Name of the Vulnerable Software and Affected Versions: GNU Savane versions 3.12 and earlier Description: A Cross Site Request Forgery issue allows a remote attacker to escalate privileges via the "siteadmin/usergroup.php" endpoint. This can be exploited to gain unauthorized access. Recommendation...