25 matches found
Cross-site request forgery (CSRF)
In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user in certain limited circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-porte...
CVE-2019-14268
CVE-2019-14268 affects Octopus Deploy versions 3.0.19 through 2019.7.2 where, if a web request proxy is configured, an authenticated user could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. The issue is fixed in 2019.7.3, with the fix back-por...
Vulnerability in the Mozilla SeaMonkey software package that allows a malicious individual to execute arbitrary code or cause a denial of service.
Mozilla SeaMonkey software contains a vulnerability related to errors in memory management after the imgRequestProxy function releases memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code, using values of the content types from the image data...
Vulnerability in the Firefox ESR browser that allows a malicious individual to execute arbitrary code or trigger a service failure.
The Mozilla Firefox ESR browser contains a vulnerability related to errors occurring when memory is used after it is freed in the imgRequestProxy function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code, using values of the content types from the image data...
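Ultraseek information disclosure and request proxy vulnerabilities
Ultraseek is an enterprise-grade search engine. The highlight script in Ultraseek, which highlights search terms in pages crawled by the spider, contains a vulnerability. An attacker can directly access the highlight script at /highlight/index.html, pass it a URL parameter, and retrieve the content. An attacker can also abuse the script to enumerate internal addresses and open ports that would otherwise be inaccessible. The following Ultraseek scripts also contain various information disclosure vulnerabilities: /help/urlstatusgo.html /help/header.html /help/footer.html /spell.html /coreforma.html /daterange.html...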