9840 matches found
CVE-2019-19392
The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import/create new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data...
OPENSUSE-SU-2020:0087-1 Security update for tigervnc
This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow...
VulnCheck KEV: CVE-2019-0193
The optional Apache Solr module DataImportHandler contains a code injection vulnerability...
GitLab EE Information Disclosure Vulnerability
GitLab is a self-hosted Git repository management application built on Ruby on Rails by the American company GitLab. It can be used to browse a project's file contents, commit history, issue lists, and more. A security vulnerability exists in GitLab Community Editi...
CVE-2020-6832
An issue was discovered in GitLab Enterprise Edition EE 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects...
Design/Logic Flaw
An issue was discovered in GitLab Enterprise Edition EE 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects...
CVE-2020-6832
GitLab Enterprise Edition (EE) versions 8.9.0–12.6.1 contain an information-disclosure vulnerability in the project import feature that can let an attacker obtain issues from private projects. The issue is confirmed across multiple sources (OSV/OSVBIT-GITLAB-2020-6832, NVD, CNVD, CNVD-2020-02283)...
CVE-2020-6832
Removed by vendor...
PT-2020-19251 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 8.9.0 through 12.6.1 Description: An issue was discovered that allows someone to obtain issues from private projects using the project import feature. Recommendations: For GitLab Enterprise Edition versions...
Gitlab -- Private objects exposed through project import
Gitlab reports: Private objects exposed through project importi...
The first Zbrunk dashboard and other news
The long New Year holiday season in Russia was not in vain. I had time to work on Zbrunk. As you can see, I made my first dashboard and added other features. No more timestamps in code I added functions to get Unix timestamps from lines in human-readable time format, e.g. "2019.12.10 13:00:00"...
WordPress Import Users From CSV with Meta plugin 1.15 - Unauthorised Authenticated Users Export vulnerability
Unauthorised Authenticated Users Export vulnerability found in WordPress Import Users From CSV with Meta plugin version 1.15. Solution: Update the WordPress Import Users From CSV with Meta plugin to the latest available version, at least 1.15.0.1...
GitLab: Private objects exposed through project import
Summary This is a bypass of https://hackerone.com/reports/743953 , the current fix is blocking all "ids" attributes. However an attacker could still set attributes like issueids by indirectly setting the field within the attributes field itself: project.json "attributes": "issueids": 29279725 ,...
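The bypass described in that report summary is a depth problem: a filter that drops id-reference keys only at the top level of the import document leaves the same keys reachable inside a nested "attributes" hash. The following Ruby is an added illustration of that failure mode and of a tree-walking filter that closes it; it is not GitLab's import code or its actual fix (GitLab's remediation is not reproduced here), and the sample project.json, the key name `issue_ids` (reconstructed from the report's "issueids", underscores assumed) and the helper names are all constructed for the example.

```ruby
require 'json'

# Constructed sample export, modelled on the report: an id reference at the
# top level, and the same kind of reference smuggled inside "attributes".
SAMPLE_PROJECT_JSON = <<~JSON
  {
    "name": "imported",
    "issue_ids": [101],
    "attributes": { "issue_ids": 29279725, "description": "x" },
    "milestones": [
      { "title": "m1", "merge_request_ids": [55], "attributes": { "label_ids": [7] } }
    ]
  }
JSON

# Keys that reference other objects by id: "ids" or anything ending in "_ids".
ID_KEY = /(\A|_)ids\z/

# Shallow filter, the shape of the fix the report says was bypassed:
# id keys are dropped from the top-level hash only.
def strip_ids_shallow(hash)
  hash.reject { |k, _| k.to_s.match?(ID_KEY) }
end

# Deep filter: walk every hash and array and drop id keys at every depth,
# so "attributes" => { "issue_ids" => ... } is removed as well.
def strip_ids_deep(obj)
  case obj
  when Hash
    obj.each_with_object({}) do |(k, v), out|
      next if k.to_s.match?(ID_KEY)
      out[k] = strip_ids_deep(v)
    end
  when Array
    obj.map { |v| strip_ids_deep(v) }
  else
    obj
  end
end

# Dotted paths of every id key still present, used to audit a filter's output.
def remaining_id_paths(obj, path = [])
  case obj
  when Hash
    obj.flat_map do |k, v|
      here = path + [k.to_s]
      (k.to_s.match?(ID_KEY) ? [here.join('.')] : []) + remaining_id_paths(v, here)
    end
  when Array
    obj.each_with_index.flat_map { |v, i| remaining_id_paths(v, path + [i.to_s]) }
  else
    []
  end
end

def shallow_result
  remaining_id_paths(strip_ids_shallow(JSON.parse(SAMPLE_PROJECT_JSON)))
end

def deep_result
  remaining_id_paths(strip_ids_deep(JSON.parse(SAMPLE_PROJECT_JSON)))
end

if __FILE__ == $PROGRAM_NAME
  puts "id keys left after shallow filter: #{shallow_result.inspect}"
  puts "id keys left after deep filter:    #{deep_result.inspect}"
end
```

The shallow filter removes only the top-level `issue_ids` and reports three surviving references, including `attributes.issue_ids`; the deep filter reports none. A denylist applied recursively is still weaker than an allowlist of the attributes each relation may carry, which is the approach to prefer when the import schema is known.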
git: Arbitrary path overwriting via export-marks in-stream command feature
A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary...
WordPress Import Legacy Media Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Import Legacy Media is a media file import plugin used in it. A cross-site scripting vulnerability exists in WordPress Import Legacy...
Import Users From CSV with Meta 1.15 - Unauthorised Authenticated Users Export
The exportuserscsv function, registered as an authenticated AJAX call and used to export users, was missing the authorisation/capability check. A CSRF check was in place, reducing the severity of the issue. Only version 1.15 seems to be affected, as the export functionality is a new feature...
Code injection
An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it...