27 matches found
Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read
When the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will receive...
EUVD-2018-1933
Malware in sbrugna...
EUVD-2016-6877
Malware in sbrugna...
EUVD-2019-2219
Malware in sbrugna...
EUVD-2007-6026
Malware in sbrugna...
EUVD-2024-27521
Malicious code in bioql PyPI...
CVE-2023-29247
Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0...
CVE-2022-49111 Bluetooth: Fix use after free in hci_send_acl
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hcisendacl This fixes the following trace caused by receiving HCIEVDISCONNPHYLINKCOMPLETE which does call hciconndel without first checking if conn-type is in fact AMPLINK and in case it is do...
PHP Task Management System SQL注入漏洞
SourceCodester Task Management System is a task management system. A SQL injection vulnerability exists in PHP Task Management System version v.1.0, which could allow remote attackers to escalate privileges and obtain sensitive information via the taskid parameter of the task-details.php and...
CVE-2024-3224
A vulnerability has been found in SourceCodester PHP Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file task-details.php. The manipulation of the argument taskid leads to sql injection. The attack can be launched remotely...
SourceCodester Task Management System SQL注入漏洞
SourceCodester Task Management System is a task management system. A SQL injection vulnerability exists in SourceCodester Task Management System version 1.0, which originates from a SQL injection vulnerability in the taskid parameter of the file task-details.php...
PT-2024-24470 · Sourcecodester · Sourcecodester Php Task Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester PHP Task Management System version 1.0 Description: A critical issue has been found in the SourceCodester PHP Task Management System, affecting an unknown functionality of the file task-details.php. The manipulation of the task...
CVE-2024-2572
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /task-details.php. The manipulation leads to execution after redirect. The attack may be initiated remotely. The exploit has been...
PT-2024-21112 · Sourcecodester · Sourcecodester Employee Task Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee Task Management System version 1.0 Description: A critical issue affects the processing of the file /task-details.php, leading to execution after redirect. The attack may be initiated remotely. The exploit has been...
CVE-2023-0904
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument taskid leads to sql injection. The attack may be initiated remotely. The exploi...
PT-2023-16606 · Sourcecodester · Sourcecodester Employee Task Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee Task Management System version 1.0 Description: A critical issue affects the processing of the file task-details.php, where the manipulation of the task id argument leads to sql injection. The attack can be initiated...
dotCMS 跨站脚本漏洞
Dotcms dotCMS is a content management system CMS from the American company dotCMS Dotcms. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A cross-site scripting vulnerability exists in dotCMS v5.1.5, which can be exploited by a remote...
CVE-2019-10198
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through findresource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, i...
CVE-2019-10198
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through findresource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, i...
Realization Concerto Critical Chain Planner SQL Injection Vulnerability
Realization Concerto Critical Chain Planner CCPM is a project management software package. A SQL injection vulnerability exists in the taskupdt/taskdetails.aspx web page in Realization CCPM version 5.10.8071. The vulnerability stems from a database-based application that lacks validation of...