
10 matches found

ATTACKERKB
added 2026/05/29 9:30 a.m., 7 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7, AI score 5.7, EPSS 0.00033
Exploits: 0, References: 3
ATTACKERKB
added 2026/01/19 7:42 p.m., 4 views

CVE-2026-23846

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

CVSS 9.1, AI score 5.4, EPSS 0.0014
Exploits: 1, References: 3, Affected Software: 1
The Hacker News
added 2023/10/25 11:36 a.m., 36 views

The Rise of S3 Ransomware: How to Identify and Combat It

In today's digital landscape, around 60% of corporate data now resides in the cloud, with Amazon S3 standing as the backbone of data storage for many major corporations. Despite S3 being a secure service from a reputable provider, its pivotal role in handling vast amounts of sensitive data custom...

AI score 6.5
Exploits: 0
OSV
added 2022/08/30 9:26 a.m., 0 views

USN-5585-1 jupyter-notebook vulnerabilities

It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting (XSS) attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19351) It...

CVSS 7.5, AI score 6.5, EPSS 0.00772
Exploits: 1, References: 9
NVD
added 2011/12/16 11:55 a.m., 10 views

CVE-2011-4852

The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by...

CVSS 4.3, AI score 6.2, EPSS 0.0023
Exploits: 1, References: 2
Prion
added 2011/12/16 11:55 a.m., 10 views

Cross site scripting

The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by...

CVSS 4.3, AI score 6.7, EPSS 0.0023
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2011/12/16 11:0 a.m., 36 views

CVE-2011-4740

The CVE-2011-4740 entry affects Parallels Plesk Panel 10.2.0 build 20110407.20. The issue is described as a cross-domain Referer leakage: the Control Panel generates web pages containing external links in response to GET requests with specific query strings (e.g., smb/app/search-data/catalogId/ma...

CVSS 4.3, AI score 6.3, EPSS 0.0023
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2011/12/16 11:0 a.m., 21 views

CVE-2011-4751

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs,...

AI score 6.1, EPSS 0.0023
Exploits: 0, References: 2
Cvelist
added 2011/12/16 11:0 a.m., 20 views

CVE-2011-4852

The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by...

AI score 6.2, EPSS 0.0023
Exploits: 1, References: 2
CVE
added 2009/09/15 10:0 p.m., 60 views

CVE-2009-3166

Bugzilla 3.4rc1–3.4.1 vulnerability: token.cgi places a password in the login URL after a reset, allowing context-dependent attackers to obtain passwords via web server access logs, Referer logs, or browser history. The provided documents confirm Bugzilla involvement and CVE-2009-3166, but do not...

CVSS 5, AI score 6.2, EPSS 0.00357
Exploits: 1, References: 5, Affected Software: 1