72 matches found
EUVD-2017-0065
Malware in sbrugna...
EUVD-2016-4167
Malware in sbrugna...
EUVD-2015-0026
Malware in sbrugna...
EUVD-2017-0066
Malware in sbrugna...
EUVD-2015-0027
Malware in sbrugna...
EUVD-2022-2960
Malicious code in bioql PyPI...
Kallithea cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description...
Kallithea cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2...
GHSA-HHX9-4VW2-X54R RhodeCode and Kallithea are vulnerable to sensitive information disclosure
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the getrepo API method...
GHSA-6FGP-29MF-CHHC Kallithea cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2...
RhodeCode and Kallithea are vulnerable to sensitive information disclosure
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the getrepo API method...
GHSA-VFG9-PHJP-9FRW Kallithea CRLF injection vulnerability
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the camefrom parameter to admin/login...
Kallithea CRLF injection vulnerability
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the camefrom parameter to admin/login...
GHSA-FH5C-7GMG-XMP6 Kallithea cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description...
Kallithea Routes CSRF Bypass
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method...
GHSA-799H-QR84-PCRP Kallithea Routes CSRF Bypass
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method...
HTTP Response Splitting
Kallithea is vulnerable to HTTP Response Splitting. It is possible because it does not escape the user-provided input from GET 'camefrom' parameter in the login instance, allowing an attacker to inject malicious HTTP headers to control the remaining headers and body of the response of the...
Cross-site Request Forgery (CSRF)
Kallithea is vulnerable to cross-site request forgery (CSRF) attacks. The application does not use any CSRF protections when authenticating, allowing a malicious user to create a link that can be used with social engineering to gain access to another user's account...
Kallithea < 0.3.2 Multiple Vulnerabilities
Kallithea is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:kallithea:kallithea"; ifdescripti...
Kallithea < 0.2 CSRF Vulnerability
A vulnerability has been found in Kallithea, allowing attackers to gain unauthorised access to the account of a logged in user. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...