UBUNTU-CVE-2019-15578
An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition CE and Enterprise Edition EE. The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests...
FreeBSD : Gitlab -- Multiple Vulnerabilities (01bde18a-2e09-11ea-a935-001b217b3468)
SO-AND-SO reports : Group Maintainers Can Update/Delete Group Runners Using API GraphQL Queries Can Hang the Application Unauthorized Users Have Access to Milestones of Releases Private Group Name Revealed Through Protected Tags API Users Can Publish Reviews on Locked Merge Requests DoS in the...
Gitlab -- Multiple Vulnerabilities
The GitLab Team reports: Group Maintainers Can Update/Delete Group Runners Using API GraphQL Queries Can Hang the Application Unauthorized Users Have Access to Milestones of Releases Private Group Name Revealed Through Protected Tags API Users Can Publish Reviews on Locked Merge Requests DoS in t...
GitLab CE/EE Information Disclosure Vulnerability (CNVD-2018-26956)
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing a project's file contents, commit history, bug lists, and more. An information disclosure...
Boozt Fashion AB: [www.boozt.com] - Authentication bypass
Description I have found a flaw in the authentication process when accessing the website by visiting an unsubscribe link. PoC 1. Visit http://click.email.boozt.com/?qs=723df61c937e4dbf9e378d2157f7907baa95fa00699f2b4d13e192b1d14ed67323d5c7a75c6f801baf1e68c2beabbc43d574caeb9b6f8c085971631d636b3cda ...
Uber: SQL Injection on sctrack.email.uber.com.cn
Hi, Uber Security team. I just traveled to China, and when I called Uber in China I received an advertisement mail from Uber. I found the unsubscribe link is different from the original unsubscribe link, and there is a SQL Injection under the unsubscribe link. You can see where to find the unsubscri...
columbiadomains.net XSS vulnerability
Vulnerable URL: http://www.columbiadomains.net/utils/UnSubscribeMe.bml?Name=JUSTXSSS=EstrellaWarBirdsNews="

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 26.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | Unknown / Not calculated... |
LinkedIn Victims Do Not Connect With Legitimate Notifications
The company sent an important e-mail notification that was DKIM-signed and addressed the recipient by name. It also didn't include any links in the actual message. And yet LinkedIn did not connect with some 250,000 of its users, who flagged the legitimate alert as spam. Some thought it was a...