CVE-2017-15137
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed...
CVE-2017-18101
Various administrative external system import resources in Atlassian JIRA Server including JIRA Core before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if ...
Privilege escalation
Various administrative external system import resources in Atlassian JIRA Server including JIRA Core before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if ...
CVE-2017-18101
This CVE affects Atlassian Jira Server (including JIRA Core) prior to versions 7.6.5, 7.7.0 prior to 7.7.3, 7.8.0 prior to 7.8.3, and prior to 7.9.0. The issue permits remote attackers to perform import operations and to determine whether an internal service exists due to missing permission check...
Missing authentication checks in various administrative system import resources - CVE-2017-18101
Various administrative external system import resources in Atlassian JIRA Server including JIRA Core before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if ...
WooCommerce CSV-Importer-Plugin 3.3.6 Remote Code Execution
Exploit Title: Plugin Woocommerce CSV importer 3.3.6 - RCE - Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/woocommerce-csvimport/ Software Link: https://wordpress.org/plugins/woocommerce-csvimport/ Contact: http://twitter.com/lenonleite Website...
DEBIAN-CVE-2018-1308
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...
CVE-2017-18097
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card...
The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary commands.
The vulnerability of the “go get” command in the Go programming language exists due to insufficient validation of input data (insufficient checking of the import path when using the “-insecure” option). Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a...
How to Generate and Install an SSL Certificate on a StoreFront Server for HTTPS connections
This article explains how to generate and install an SSL certificate on a StoreFront server for HTTPS connections. If you have already generated an SSL certificate on one of your StoreFront servers in the StoreFront server group, you can just export the existing SSL certificate and import the...
atomic-openshift: image import whitelist can be bypassed by creating an imagestream or using oc tag
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed...
textpattern denial of service vulnerability
textpattern is an excellent blogging system. A security vulnerability exists in the Import XML feature in textpattern version 4.6.2. An attacker can exploit this vulnerability by uploading a specially crafted XML file to cause a denial of service (exhaustion of server memory resources)...
Gitlab GitlabProjectsImportService Remote Code Execution Vulnerability
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github, with access to a project's file contents, commit history, bug lists, etc. The GitLab Community Edition (CE) ...
Gitlab project import component remote code execution vulnerability
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar features to Github; you can access the project's file content, commit history, bug lists, etc. GitLab Community Edition (CE) is...
CVE-2018-3710
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting in remote code execution...
Remote code execution
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting in remote code execution...