13 matches found
CVE-2022-23115
Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allow attackers with Overall/Read access to retrieve logs, build or delete a batch task...
EUVD-2018-17525
Malware in sbrugna...
CVE-2024-10520
The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'CreateMilestone', 'CreateTaskList', 'CreateTask', and 'DeleteTask' classes in version 2.6.14. This makes it possible for unauthenticated...
PT-2024-16339 · WordPress · Wp Project Manager
Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin for WordPress version 2.6.14 Description: The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the check method of the Create Milestone,...
CVE-2024-4843
ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege...
CVE-2024-4843
CVE-2024-4843 affects Trellix ePolicy Orchestrator (ePO). Publicly cited documents describe insecure direct object references that let a least-privileged user manipulate client tasks and client task assignments, enabling privilege escalation. The NVD/NVD-derived entries describe impact as insuffi...
Citrix MCS may take several hours to delete failed tasks
Citrix MCS may take several hours to delete failed VM creation tasks...
Mozilla Firefox MessageTask Resource Management Error Vulnerability
Mozilla Firefox, an open source web browser from the Mozilla Foundation, has a resource management error vulnerability in Mozilla Firefox MessageTask, which stems from the fact that tasks may have been deleted while they were still scheduled during operations on MessageTasks, and could be exploit...
OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
Dear subscribers, we've migrated our public disclosure workflow to full-disclosure and are catching up on publishing recent vulnerabilities through this channel. Feel free to join our bug bounty programs open-xchange, dovecot, powerdns at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange...
Security update for MozillaThunderbird (important)
This update for MozillaThunderbird to version 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation bsc1077291. - CVE-2018-5096: Use-after-free while editing form elements bsc1077291. - CVE-2018-5097:...
OPENSUSE-SU-2018:0256-1 Security update for MozillaThunderbird
This update for MozillaThunderbird to version 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation bsc1077291. - CVE-2018-5096: Use-after-free while editing form elements bsc1077291. - CVE-2018-5097:...
OPENSUSE-SU-2018:0257-1 Security update for MozillaThunderbird
This update for MozillaThunderbird to version 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation bsc1077291. - CVE-2018-5096: Use-after-free while editing form elements bsc1077291. - CVE-2018-5097:...
Open-Xchange: [IDOR] Deleting other people's tasks
Description When creating tasks each task is assigned with an id value. Using this id it's possible to delete any task created in the same instance even if you don't actually have access to viewing or editing the task. Steps to Reproduce 1 Login to https://sandbox.open-xchange.com/ with user1 2...