6 matches found
Discourse Security Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse that stems from allowing users to view topics with hidden labels with knowledge of the...
PT-2024-22616 · Unknown · Swift Prometheus
Name of the Vulnerable Software and Affected Versions: Swift Prometheus versions prior to 2.0.0-alpha.2. Description: The issue arises when unsanitized string values are used in metric names or labels, allowing an attacker to send a ?lang query parameter with newlines, or similar characters...
OSV-2021-1493 Global-buffer-overflow in fb_label_name
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40368. Crash type: Global-buffer-overflow WRITE 1. Crash state: fb_label_name, read_a_source_file, perform_an_assembly_pass...
FreeBSD : Gitlab -- Multiple Vulnerabilities (1cd89254-b2db-11e9-8001-001b217b3468)
Gitlab reports: GitHub Integration SSRF; Trigger Token Impersonation; Build Status Disclosure; SSRF Mitigation Bypass; Information Disclosure New Issue ID; IDOR Label Name Enumeration; Persistent XSS Wiki Pages; User Revocation Bypass with Mattermost Integration; Arbitrary File Upload via Import Project...
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
LimeSurvey 2.00+ build 131107 - Multiple Vulnerabilities. LimeSurvey v2.00+ build 131107 Script Insertion And SQL Injection Vulnerability. Vendor: LimeSurvey Project Team. Product web page: http://www.limesurvey.org. Affected version: 2.00+ build 131009, 2.00+ build 131022, 2.00+ build 131031, 2.00+...
CVE-2012-4579
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references...