EUVD-2019-15051
Malware in sbrugna...
EUVD-2025-29704
Malicious code in bioql PyPI...
CVE-2025-59456
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload...
CVE-2025-59456
CVE-2025-59456 affects JetBrains TeamCity prior to 2025.07.2, where path traversal was possible during project archive upload. The vulnerability is caused by insufficient filtering of path elements when uploading a project archive, enabling access/manipulation of files via crafted archive paths. ...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a Continuous Integration/Continuous Deployment CI/CD tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a path traversal vulnerability that stems...
Cross site scripting
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The projec...
Granting the 'Browse Project Archive' permission to a 'Custom Field' within a permission scheme allows all users to see archived issues in result set
Issue Summary: If within a project the 'Browse Project Archive' and 'Browse Project' permissions are granted to 'Group Custom Field' or to the 'Reporter' option within the permission scheme, the project will become available to search for any user with the 'Browse Project Archive' permission i...
GitLab Insecure Direct Object Reference Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An insecure direct object reference vulnerability exists in GitLab versions prior to 12.1.2, 12.0.4...
CVE-2019-5469
An IDOR vulnerability exists in GitLab v12.1.2, v12.0.4, and v11.11.6 that allowed uploading files from project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets...
FreeBSD : Gitlab -- Multiple Vulnerabilities (1cd89254-b2db-11e9-8001-001b217b3468)
Gitlab reports: GitHub Integration SSRF; Trigger Token Impersonation; Build Status Disclosure; SSRF Mitigation Bypass; Information Disclosure New Issue ID; IDOR Label Name Enumeration; Persistent XSS Wiki Pages; User Revocation Bypass with Mattermost Integration; Arbitrary File Upload via Import Project...
GitLab: Importing GitLab project archives can replace uploads of other users
Summary: Importing a modified exported GitLab project archive can overwrite uploads for other users. If the secret and file name of an upload are known (these can be easily identified for any uploads to public repositories), any user can import a new project which overwrites the served content of th...