5963 matches found
CVE-2020-15051
An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields...
Cross site scripting
An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields...
Natlas - Scaling Network Scanning
You've got a lot of maps and they are getting pretty unruly. What do you do? You put them in a book and call it an atlas. This is like that, except it's a website and it's a collection of nmaps. The Natlas server doubles as a task manager for the agents to get work, allowing you to control the...
Phabricator: Edit Policy restriction does not prevent comments.
Change the edit policy of a Maniphest Task - Attempt to comment on the task with a user who doesn't have access Impact Given a few users I spoke to believe restricting the edit policy blocks comments, this allows an underprivileged user to gain access to carry out a restricted action. Mongoos...
Secret Service Creates Cyber Fraud Task Forces
The U.S. Secret Service has created the Cyber Fraud Task Forces (CFTFs), aimed at preventing, detecting and mitigating complex cyber-enabled financial crime – including making arrests and convictions. The CFTF is the result of a formal merging of two of the Secret Service’s existing units into a...
Nextcloud Deck Access Control Error Vulnerability
Nextcloud Deck is a Kanban-style organization tool developed by Nextcloud, Inc. designed for individual planning and project organization for teams integrated with Nextcloud. An access control vulnerability exists in Nextcloud Deck version 1.0.0. An attacker can exploit the vulnerability to injec...
CVE-2020-8179
CVE-2020-8179 affects Nextcloud Deck 1.0.0. The root cause is an improper access control in the deck task/move flow: updating a card’s stackId via /apps/deck/cards/{id} does not enforce that the destination belongs to the requester, allowing an attacker to inject tasks into another user’s deck. T...
ant: insecure temporary file vulnerability
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...
Cisco UCS Director Path Traversal Vulnerability (CNVD-2020-34295)
Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service (IaaS) from Cisco. A path traversal vulnerability exists in the orchestration task in Cisco UCS Director Releases prior to 6.7.4.0, where the program fails to adequately validate user-submitted input. A...
CVE-2020-10268
Critical services for operation can be terminated from Windows Task Manager, bringing the manipulator to a halt. After this, a recalibration of the brakes needs to be performed. Note that this can only be accomplished either by a KUKA technician or by KUKA-issued calibration hardware that...
CVE-2020-10268 RVD#2550: Terminate Critical Services in KUKA controller KR C4
Critical services for operation can be terminated from Windows Task Manager, bringing the manipulator to a halt. After this, a recalibration of the brakes needs to be performed. Note that this can only be accomplished either by a KUKA technician or by KUKA-issued calibration hardware that...
Phishing Attack Hits German Coronavirus Task Force
Researchers are warning of an ongoing phishing attack that’s targeting the credentials of more than 100 high-profile executives at a German multinational corporation that’s tasked with procuring coronavirus medical gear for Germany. The company, left unnamed by researchers, is part of a task forc...
CVE-2020-13890
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard...
CVE-2020-13890
The CVE-2020-13890 entry concerns Neon theme 2.0 for Bootstrap, prior to 2020-06-03. The vulnerability is an XSS flaw in the dashboard Add Task Input operation, caused by insufficient validation of client-side data. Reported sources (NVD, CNVD, Red Hat advisory) describe the same issue and identi...
ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13596 via django (>=2.2.0 <=2.2.12)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13596 Source advisory: OSV:GHSA-2M34-JCJV-45XF...
Security fix for the ALT Linux 8 package php7 version 7.2.31-alt1
7.2.31-alt1 built June 2, 2020 Anton Farygin in task 252632 June 1, 2020 Anton Farygin - 7.2.31 Fixes: CVE-2019-11048, CVE-2019-11048...
Updated ant packages fix security vulnerability
Updated ant packages fix security vulnerability: Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back...