CVE-2022-31128 Fine grained permissions are not checked in Tuleap
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via th...
WordPress Live Chat Support Plugin < 8.0.26 Arbitrary File Upload Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:3cx:livechat"; if description...
This Week in Spring - July 19th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I'm trying to wind down some threads and take some vacation with my family. It's going to be an amazing time, indeed! But that doesn't stop the deluge of novelties and news in the wide world of Springdom, so we've got a...
Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API
The plugin lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number, etc. PoC: When the "Enable API for Mobile Apps" settings...
WordPress Easy Student Results plugin <= 2.2.8 - Sensitive Information Disclosure via REST API vulnerability
Sensitive Information Disclosure via REST API vulnerability discovered by Raad Haddad in WordPress Easy Student Results plugin versions <= 2.2.8. Solution: Deactivate and delete. This plugin has been closed as of July 11, 2022 and is not available for download. This closure is temporary, pending a...
CVE-2022-2117
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been...
Information disclosure
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been...
CVE-2022-2117 GiveWP – Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been...
Mattermost Resource Management Error Vulnerability (CNVD-2022-65347)
Mattermost is an open source collaboration platform from Mattermost, Inc. Mattermost 6.7.0 and earlier versions are vulnerable to a resource management error, which stems from the inability of the Slack import feature to properly limit the size of imported files, and can be exploited to import...
PT-2022-14899 · WordPress · Givewp
Name of the Vulnerable Software and Affected Versions: GiveWP plugin for WordPress versions up to, and including, 2.20.2 Description: The issue allows unauthenticated users to access donor information through the "/donor-wall" REST-API endpoint, even when the donor wall is not enabled. This...
CVE-2022-2406
The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API...
CVE-2022-2406
Mattermost CVE-2022-2406 concerns the legacy Slack import feature (v6.7.0 and earlier). The root cause is failure to properly limit imported file sizes, allowing an authenticated attacker to crash the server by uploading large files via the Slack import REST API. Impact is a DoS affecting availab...
Sourcegraph gitserver sshCommand Remote Command Execution Exploit
A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...
GitLab 8.13 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-1999)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an...
GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC: Get a REST nonce logged in as admin:...
GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in a multisite setup. Get a REST nonce logged in as admin:...
FreeBSD : Gitlab -- multiple vulnerabilities (d1b35142-ff4a-11ec-8be3-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d1b35142-ff4a-11ec-8be3-001b217b3468 advisory. - A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions...
JFrog Artifactory Cross-Site Scripting Vulnerability
JFrog Artifactory is an open source general-purpose Artifact repository manager from Israel-based JFrog that supports clustering and high-availability Docker registries and provides an end-to-end solution for tracking artifact automation from development to production. JFrog Artifactory suffers fr...