PT-2026-2969

This module integrates the AT Internet Piano Analytics service. The module does not filter administrator-entered text leading to a persistent Cross-site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...

CVE-2023-53690 Nagios Fusion < 4.2.0 LDAP/AD Integration Stored XSS

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...

CVE-2023-53690 Nagios Fusion < 4.2.0 LDAP/AD Integration Stored XSS

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...

EUVD-2011-1322

Malware in sbrugna...

EUVD-2023-2806

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-0925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting...

CVE-2011-5066

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus SIB dump operation involving the First Failure Data Capture FFDC introspection code, which allows local users to...

CVE-2011-1314

The Service Integration Bus SIB messaging engine in IBM WebSphere Application Server WAS before 7.0.0.15 allows remote attackers to cause a denial of service daemon hang by performing close operations via network connections to a queue manager...

Code injection

journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in t...

WordPress Ninja Forms plugin Cross-Site Request Forgery Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Ninja Forms plugin before 3.4.27.1 suffers from a cross-site request forgery vulnerability...

GitLab Input Validation Error Vulnerability (CNVD-2020-20439)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An input validation error vulnerability exists in service...

CVE-2019-5461

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

CVE-2019-5461

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

Input validation

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

com.alexbt:springboot-autoconfigure-openid-oauth (=1.0.9), com.appdirect:service-integration-sdk (>=1.24 <=v11.129.7) +11 more potentially affected by CVE-2019-11269 via org.springframework.security.oauth:spring-security-oauth (>=2.0.10.RELEASE <=2.0.17.RELEASE)

org.springframework.security.oauth:spring-security-oauth MAVEN version =2.0.10.RELEASE, =1.24, =1.4.3, =2.7.4.7, =2.7.4.7, =2.7.4.7, =3.3.0.4, =3.3.0.4, =2.7.4.7, =4.4.0 Source cves: CVE-2019-11269 Source advisory: OSV:GHSA-MMF6-6597-3V6M...

com.alexbt:springboot-autoconfigure-openid-oauth (=1.0.9), com.appdirect:service-integration-sdk (>=1.24 <=v11.129.7) +10 more potentially affected by CVE-2019-3778 via org.springframework.security.oauth:spring-security-oauth (>=2.0.10.RELEASE <=2.0.14.RELEASE)

org.springframework.security.oauth:spring-security-oauth MAVEN version =2.0.10.RELEASE, =1.24, =2.7.4.7, =2.7.4.7, =2.7.4.7, =3.3.0.4, =3.3.0.4, =2.7.4.7, =4.4.0 Source cves: CVE-2019-3778 Source advisory: OSV:GHSA-77RV-6VFW-X4GC...

Gitlab project service integration API endpoint information disclosure vulnerability

GitLab is a set of Ruby on Rails development of open source applications , can be realized as a self-hosted Git version control system project repository , which has similar features to Github , you can access the project's file content , commit history , bug lists , etc. GitLab Community Edition...

CVE-2017-0925

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password...

CVE-2017-0925

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password...

UBUNTU-CVE-2017-0925

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password...