61 matches found
CVE-2023-43777
Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored...
Attacker can prevent other projects from using a custom token
Lines of code Vulnerability details Impact A malicious project owner or an attacker can front-run the JBTokenStore.changeFor function and "steal" the token for their own project. This token can then not be used for any other project as long as it's assigned to a project due to projectOftoken != 0...
Insurance Management System 1.0 SQL Injection
Title: Insurance Management System v1.0 SQLi Author: nu11secur1ty Date: 03.12.2022 Vendor: https://itsourcecode.com/free-projects/php-project/php-projects-source-code-free-downloads/ Software:...
GitLab 授权问题漏洞
GitLab is a self-hosted, Git version control system project repository application developed using Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An authorization issue vulnerability exists in GitLab CE/EE, which can be...
CVE-2021-22264
Removed by vendor...
Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2021-024
This project enables administrators to restrict access from anonymous and regular users to pre-defined pages. The administration routes used by the project lacked proper permissions, allowing untrusted users to access, create and modify the module's settings...
CVE-2020-13351
Removed by vendor...
User has access to project and repository after global permission has been removed
h3. Problem User has access to project and repository after global permission has been removed. Conversely, a user in this affected state will be greeted with "permission denied" even after the global permission has been re-granted to the user. h3. Environment - Tested on 7.5 and 7.3 h3. Steps to...
CVE-2020-13320
Removed by vendor...
Default configuration
In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's...
PYSEC-2020-264
In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's...
Man-in-the-middle
atmosphere-project is vulnerable to man-in-the-middle attack. The attack is possible because it does not use HTTPS to download dependencies, allowing an attacker to manipulate the dependencies...
FreeBSD-SA-19:23.midi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:23.midi Security Advisory The FreeBSD Project Topic: kernel memory disclosure from /dev/midistat Category: core Module: sound Announced: 2019-08-20 Credits:...
Improper neutralization of item names in projects feature (NC-SA-2020-008)
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project...
Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool
The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running and configuring the scanner The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the...
Non-standard PCI device functionality may render pass-through insecure
ISSUE DESCRIPTION Devices with capabilities or defects that are undocumented or that virtualization software is unaware of may allow guests to control parts of the host that they shouldn't be in control of. Here are some examples of the kind of problem: While XSA-120 deals with standard PCI confi...
Localize: Deleting groups in any project without permission
If you can make a group then why can't you delete the group :P With same method of creating the group you can delete the group But have some restrictions :/ : 1 in any project you ll not get to know the deleteGroupid 2 May be I'm only one who is making groups now so i can assume the deleteGroupid...
[SECURITY] [DSA 243-1] New kdemultimedia packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 243-1 [email protected] http://www.debian.org/security/ Martin Schulze January 24th, 2003 http://www.debian.org/security/faq -...
Security Update for Microsoft Project 2010 (KB3085614) 32-Bit Edition
A security vulnerability exists in Microsoft Project 2010 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Security Update for Microsoft Project 2010 (KB4484387) 32-Bit Edition
A security vulnerability exists in Microsoft Project 2010 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...