39 matches found
EUVD-2019-6561
Malware in sbrugna...
CVE-2025-54834
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...
CVE-2019-15594
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. Fortinet FortiOS has a security...
SiYuan has an arbitrary file deletion vulnerability
Summary A arbitrary file deletion vulnerability has been identified in the latest version of Siyuan Note. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint.An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on...
PT-2024-5306 · Phpipam · Phpipam
Name of the Vulnerable Software and Affected Versions: phpipam version 1.6 Description: The issue is related to a Cross Site Scripting XSS vulnerability. It affects the /app/tools/request-ip/index.php endpoint. The vulnerability exists due to insufficient protection of the web page structure,...
PT-2024-24615 · Znuny +1 · Znuny +2
Name of the Vulnerable Software and Affected Versions: Znuny LTS versions 6.5.1 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue was discovered where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request. Recommendations: For Znuny LTS...
PT-2023-14304
Name of the Vulnerable Software and Affected Versions Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description The issue concerns two legacy REST API endpoints for approval and request access that are vulnerable to cross-site request forgery. Recommendations For Apache...
PT-2022-25542 · Ocomon · Ocomon
Name of the Vulnerable Software and Affected Versions: OcoMon version 4.0RC1 Description: The issue is related to Incorrect Access Control. Through a request, a user can obtain the real email, and by sending the same request with the correct email, it is possible to perform an account takeover...
CVE-2022-31976
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=deleterequest...
CVE-2020-5290 session fixation in rCTF
In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the token=$ssid hash when making a request to the /verify endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim...
CVE-2019-15594
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint...
Improper access control
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint...
CVE-2019-15594
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint...
CVE-2019-15594
Removed by vendor...
web-console: XSS in OAuth server /oauth/token/request endpoint
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...
PT-2019-16750 · Red Hat · Openshift Oauth Server
Name of the Vulnerable Software and Affected Versions: OpenShift OAuth server affected versions not specified Description: A flaw was found in the "/oauth/token/request" custom endpoint of the OpenShift OAuth server, allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSR...
GitLab CE/EE Information Disclosure Vulnerability (CNVD-2018-26955)
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. An information...
CVE-2016-1317
Cisco Unified Communications Manager 11.50.98000.480 allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098...