118 matches found
SAP Portfolio and Project Management Information Disclosure Vulnerability
SAP Portfolio and Project Management PPM is a suite of asset portfolio and project management software from SAP. The software supports the management of the entire project lifecycle, identifying project exceptions and risks, and reporting on project performance based on real-time data. An...
GitLab has an unspecified vulnerability (CNVD-2019-42897)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
CVE-2019-14957
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vimsettings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository...
CVE-2019-14957
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vimsettings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository...
Design/Logic Flaw
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vimsettings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository...
CVE-2019-14957
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vimsettings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository...
GitLab CE/EE Information Disclosure Vulnerability (CNVD-2019-32228)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Project Template Functionality Could Be Used to Access Restricted Project Data Security Enhancements in GitLab Pages...
The vulnerability of Siemens LOGO!8 BM programmable logic controller’s microprogramming software lies in the presence of pre-installed encryption keys, which allow attackers to decrypt the project data.
The vulnerability of Siemens LOGO!8 BM programmable logic controller’s microprogramming software is related to the presence of pre-installed encryption keys. Exploiting this vulnerability allows an attacker to decrypt project data using port 10005/TCP...
GitLab Authorization Issues Vulnerability (CNVD-2019-43039)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab. Th...
HCL Exposes Customer, Personnel Info in Wide-Ranging Data Leak
IT services provider HCL Technologies has inadvertently exposed passwords, sensitive project reports and other private data of thousands of customers and internal employees on various public HCL subdomains. HCL, an $8 billion conglomerate with more than 100,000 employees, specializes in...
Hardcoded credentials
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker wi...
GitLab: Exfiltrate and mutate repository and project data through injected templated service
The GitLab import feature contains a vulnerability that allows an attacker to import a project that creates a service template. Service templates can normally only be created by a GitLab instance Administrator. When a new project is created, service templates are automatically initialized for the...
The software of the remote monitoring system Advantech WebAccess is vulnerable due to insufficient protection of the SQL query structure during authentication. This vulnerability allows attackers to execute arbitrary SQL commands and modify web server settings, user accounts, and projects.
The vulnerability of Advantech WebAccess remote monitoring software exists due to insufficient protection of the SQL query structure during authentication injection of SQL code. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands and modify web server settings...
CVE-2016-4867
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function...
SIEMENS SIMATIC CP 1543-1 Device Privilege Elevation Vulnerability
The SIEMENS SIMATIC CP 1543-1 is a communication processor with integrated firewall, VPN, security protocols, data encryption, and other security features that provides network connectivity and secure communication for s7-1500 controllers. An elevation of privilege vulnerability exists in the...
CVE-2016-5392
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...
PHPCollab 2.5 - 'deletetopics.php' SQL Injection
Exploit Title: PHPCollab 2.5 - SQL Injection Google Dork: filetype:php inurl:"/general/login.php?PHPSESSID=" Date: 13/05/2015 Exploit Author: Wad Deek Vendor Homepage: http://www.phpcollab.com/ Software Link: http://sourceforge.net/projects/phpcollab/files/final/2.5/ Version: 2.5 +2.5...