21 matches found
CVE-2025-64482
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.01-, 16.13-6, and 16.12-9 don't have cross-site request forgery protections in the file...
VICIdial 2.14-917a SQL Injection Vulnerability
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial version 2.14-917a to enumerate database records. By default, VICIdial stores plaintext credentials within the database. Title: VICIdial Unauthenticated SQL Injection Publication URL:...
OS Command Injection in ohmyzsh/ohmyzsh
Description In Oh My Zsh, there is a function called omzurldecode, which is used to decode URLs. Since this function is using eval with user inputs without any sanitization, it's possible to inject arbitrary commands into the eval context, which allows an attacker to achieve the command injection...
8x8: Publicly accessible .svn repository - aastraconf.packet8.net
The server contained artifacts from an old SVN repository. The files were removed...
SVN Repository Detected
The web server on the remote host allows read access to files within a '.svn' directory exposing files tracked inside. This potential flaw can be used to access content from the web server that might otherwise be private & permit download of the source code of listed pages hosted on the remote...
watkyn.svnrepository.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-608039 Description| Value ---|--- Affected Website:| watkyn.svnrepository.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
Multiple Vulnerabilities in LibXL Library Open Door to RCE Attacks
Researchers have identified seven vulnerabilities in the LibXL C library, used to read Excel files. Each of the vulnerabilities are rated 8.8 in severity on the Common Vulnerability Scoring System scale. Attackers could exploit each of the vulnerabilities and perform remote code execution attacks...
Pornhub: Publicly exposed SVN repository, ht.pornhub.com
After I found the subversion repository I visited the following location https://netreact.eu/hubtraffic I could see the usernames in the repo and the following weak credentials gave me access: stefan:123456 An attacker can commit code to this location which could be mirrored on the main site and...
Yahoo!: readble .htaccess + Source Code Disclosure (+ .SVN repository)
Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...
CentOS 5 / 6 : subversion (CESA-2014:0255)
Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...
[BlindElephant] Web Application Fingerprinting
During Black Hat USA 2010 , Patrick Thomas presented a new web application fingerprinting tool called Blind Elephant. The BlindElephant Web Application Finger-printer attempts to discover the version of a known web application by comparing static files at known locations against precomputed hashe...
OpenVAS Command Injection
OpenVAS Security Advisory OVSA20121112 Date: 12th November 2012 Product: OpenVAS Manager Risk: Medium Summary It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied data when processing OMP requests. It has been identified th...
eoCMS 0.9 nightly Mullti Vulnerability
Exploit for php platform in category web applications ====================================== eoCMS 0.9 nightly Mullti Vulnerability ====================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/...
SkyBlueCanvas [1.1 r248] SVN repository Vulnerability
Exploit for php platform in category web applications 0day.today 2018-01-10...
Python Multiple Vulnerabilities (Windows)
The host is installed with Python, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodpythonmultvulnwin900105.nasl 7174 2017-09-18 11:48:08Z asteins $ Description: Python Multiple Vulnerabilities Windows Authors: Sharath S Copyright: Copyright C 2008 SecPod,...
Python Multiple Vulnerabilities (Linux)
The host is installed Python, which is prone to multiple vulnerabilities. This NVT has been replaced by NVT gbCESA-20091176pythoncentos5i386.nasl OID:1.3.6.1.4.1.25623.1.0.880881, gbCESA-20091178pythoncentos3i386.nasl OID:1.3.6.1.4.1.25623.1.0.880715. OpenVAS Vulnerability Test $Id:...
Apache HTTP Server 'mod_proxy_ftp' Wildcard Characters XSS Vulnerability
Apache HTTP Server is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2007-6350
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including 1 unison, 2 rsync, 3 svn, and 4 svnserve, as originally demonstrated by creating a Subversion SVN repository with malicious hooks, then using svn ...
Design/Logic Flaw
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including 1 unison, 2 rsync, 3 svn, and 4 svnserve, as originally demonstrated by creating a Subversion SVN repository with malicious hooks, then using svn ...
Update: ViewCVS and ViewVC 'checkout view' content type fixation issue
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi! Moritz Naumann wrote: This does not impact how much the rest of my report applies. My findings are now being discussed on the ViewVC developers mailing list 1. They apparently also impact ViewVC. Whether and to which degree what I am reporting c...