182 matches found
Discuz! Forum the wap function module coding injection vulnerability-vulnerability warning-the black bar safety net
Information source: evil octal information security team www.eviloctal.com) Author: ainideX Affected version: Discuz! 4.0.0 Discuz! 4.1.0 Discuz! 5.0.0 Discuz! 5.5.0 Discuz! 6.0.0 Discuz! 6.1.0 Description: Discuz! The forum system is a PHP and MySQL such as a variety of other databases to build...
IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Vulnerabilities
Binary data 4929.prm...
IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Flaws
IBM WebSphere Application Server 6.1 before Fix Pack 21 appears to be running on the remote host. As such, it is reportedly affected by multiple flaws : - Provided Performance Monitoring Infrastructure PMI is enabled, it may be possible for a local attacker to obtain sensitive information through...
DMXReady Members Area Manager 1.2 - SQL Injection
DMXReady Members Area Manager 1.2 - SQL Injection Title : DMXReady Members Area Manager http://target/path/applications/MembersAreaManager/incmembersareamanager.asp Edit - http://target/path/admin/MembersAreaManager/components/SecurityLevelManager/uploadimagesecuritylevel.asp?cid=SQL Inject...
Change issue Security Level on Transition
We need a way to automatically change the Security Level of an issue when it is transitioned. Currently our project is has a default Security Level that only allows the assignee and management to see an issue, we would like to automatically open that issue up once it is fixed...
Change issue Security Level on Transition
We need a way to automatically change the Security Level of an issue when it is transitioned. Currently our project is has a default Security Level that only allows the assignee and management to see an issue, we would like to automatically open that issue up once it is fixed...
Moving a subtask Issue Type will sometimes ask the user for a Security Level even though this value is inherited from the Parent Issue.
When you move a subtask from an Issue Type where Security Level is a hidden field, to one where Security Level is no longer hidden, the system can mistakenly ask the User for a new Security Level. This is only a minor issue, as then the subtask will not actually take on the chosen value - it will...
Moving a subtask Issue Type will sometimes ask the user for a Security Level even though this value is inherited from the Parent Issue.
When you move a subtask from an Issue Type where Security Level is a hidden field, to one where Security Level is no longer hidden, the system can mistakenly ask the User for a new Security Level. This is only a minor issue, as then the subtask will not actually take on the chosen value - it will...
Moving a subtask Issue Type will sometimes ask the user for a Security Level even though this value is inherited from the Parent Issue.
When you move a subtask from an Issue Type where Security Level is a hidden field, to one where Security Level is no longer hidden, the system can mistakenly ask the User for a new Security Level. This is only a minor issue, as then the subtask will not actually take on the chosen value - it will...
Bulk Move does not update the Security Level of subtasks
When doing a bulk move, Parent issues moved to a new project must take any subtasks with them. If the new project has a different Issue Security scheme, then issues should get the default issue security in the new project. Currently a bulk move will change the security setting of parent issues, b...
Bulk Move does not update the Security Level of subtasks
When doing a bulk move, Parent issues moved to a new project must take any subtasks with them. If the new project has a different Issue Security scheme, then issues should get the default issue security in the new project. Currently a bulk move will change the security setting of parent issues, b...
Issues not shown in issue navigator that a user has permission for according to the issue security level
Users may not be able to see certain issues in the IssueNavigator, if they create an issue level security, where the permission depends on a user custom field where the customfield does not have a searcher set. Browsing the issue directly, works fine, however when running a search the issue wont ...
Issues not shown in issue navigator that a user has permission for according to the issue security level
Users may not be able to see certain issues in the IssueNavigator, if they create an issue level security, where the permission depends on a user custom field where the customfield does not have a searcher set. Browsing the issue directly, works fine, however when running a search the issue wont ...
Issues not shown in issue navigator that a user has permission for according to the issue security level
Users may not be able to see certain issues in the IssueNavigator, if they create an issue level security, where the permission depends on a user custom field where the customfield does not have a searcher set. Browsing the issue directly, works fine, however when running a search the issue wont ...
IssueLevelSecurity permission check does not work with a DocumentIssueImpl if no security level has been set.
We need to be able to handle per issue permission checks, if no issue security level has been set. The problem is that if no issue level security is set, -1 gets indexed. The permissions code however expects a null value...
IssueLevelSecurity permission check does not work with a DocumentIssueImpl if no security level has been set.
We need to be able to handle per issue permission checks, if no issue security level has been set. The problem is that if no issue level security is set, -1 gets indexed. The permissions code however expects a null value...
IssueLevelSecurity permission check does not work with a DocumentIssueImpl if no security level has been set.
We need to be able to handle per issue permission checks, if no issue security level has been set. The problem is that if no issue level security is set, -1 gets indexed. The permissions code however expects a null value...
Security level for attachments and screenshots
Discussing inside the team issues reported to JIRA by customers, we can hide from them our in-team comments, but cannot do it to attachments and screen-shots...
CommentService validation methods do not check user's security level
The validateCommentUpdate, hasPermissionToUpdate and hasPermissionToDelete methods on DefaultCommentService check the user's comment-related permissions but neglect to check whether they have a role/group security level viewable by the user attempting to delete a comment...
CommentService validation methods do not check user's security level
The validateCommentUpdate, hasPermissionToUpdate and hasPermissionToDelete methods on DefaultCommentService check the user's comment-related permissions but neglect to check whether they have a role/group security level viewable by the user attempting to delete a comment...