Kuran'in Bilimsel Mucizeleri Project Security Vulnerabilities

osv

CVE-2023-46727

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native...

9.8 CVSS

7.8 AI Score

0.001 EPSS

2023-12-13 07:15 PM
8
osv

CVE-2023-46726

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the...

9.8 CVSS

7.9 AI Score

0.001 EPSS

2023-12-13 07:15 PM
1
osv

CVE-2023-28639

GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2023-04-05 06:15 PM
4
osv

CVE-2023-28632

GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user...

8.1 CVSS

6.8 AI Score

0.001 EPSS

2023-04-05 03:15 PM
5
osv

Malicious code in webpack-cli.legacy (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (22737261df7f74819a3f3f968e6516db5e37f6621827d6148b290f7650b9992f) The OpenSSF Package Analysis project identified 'webpack-cli.legacy' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package.....

7.1 AI Score

2023-05-01 11:44 PM
5
osv

Malicious code in fkletbbpoc (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (125b0aa54538899871c0071ae4b76678012092032ff03d6ad08c4ecf1a2fc7d7) The OpenSSF Package Analysis project identified 'fkletbbpoc' @ 0.0.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-02 08:17 AM
5
osv

Malicious code in commentrating (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (87db588ebd8e7a42cbbbbf7fc21caa36fc553172a0ff4c4e9a58ce9354d62e7f) The OpenSSF Package Analysis project identified 'commentrating' @ 99.9.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 10:29 AM
6
osv

Malicious code in verycoolzpac2 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (50b609e8ebccac67716745b1447224238ae17c0a78499f90c48aa684d971cded) The OpenSSF Package Analysis project identified 'verycoolzpac2' @ 0.0.3 (npm) as malicious. It is considered malicious because: - The package...

6.9 AI Score

2023-05-12 03:57 AM
5
osv

Malicious code in idcs-dialog (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (1f9e71c07d690c8293d57afe2530d560684f82b76c844f9904256c1d330fc5af) The OpenSSF Package Analysis project identified 'idcs-dialog' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-04 10:41 AM
6
osv

BIT-gitlab-2024-4011

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to...

4.3 CVSS

6.3 AI Score

0.0004 EPSS

2024-06-28 07:22 AM
79
osv

CVE-2023-43813

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the...

8.8 CVSS

7.8 AI Score

0.001 EPSS

2023-12-13 07:15 PM
6
osv

Malicious code in smart-commons (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3d5cef67a87cd4a497f6879379a3829535212f7d703197ce6d3130dd03fd2da6) The OpenSSF Package Analysis project identified 'smart-commons' @ 19.6.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-30 10:44 PM
3
osv

Malicious code in plain-function (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (2e38d4006afc6d5a3ce531ced341af81b57134a68230e68e52122825f587260e) The OpenSSF Package Analysis project identified 'plain-function' @ 20.1.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 10:31 AM
4
osv

Malicious code in links-3 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (870f8306aa2e95828fa2fdd771044248f7d5e8e715304b6818773620e5c7a1b2) The OpenSSF Package Analysis project identified 'links-3' @ 9.0.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-28 03:50 PM
2
osv

Malicious code in spamsynonym (PyPI)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bbc650ef44d412610406a674ac1fce3dcb717b01d175614f158016f47b53b1ce) The OpenSSF Package Analysis project identified 'spamsynonym' @ 1.1.1 (pypi) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-10 11:43 AM
6
osv

Malicious code in com.unity.xrtools.spatial-hash (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (efa5d123e10b0da3ed7e7898101f41654aa13a572def7acb40b838e0ef88e74b) The OpenSSF Package Analysis project identified 'com.unity.xrtools.spatial-hash' @ 2.0.0 (npm) as malicious. It is considered malicious because: -.....

7.1 AI Score

2023-05-08 10:57 AM
5
githubexploit

Exploit for Heap-based Buffer Overflow in Fortinet Fortiproxy

Usage: python3 cve-2022-42475.py rhost rport lhost 'command'...

9.8 CVSS

10 AI Score

0.135 EPSS

2023-06-16 03:25 AM
24
cvelist

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

7.5 CVSS

7.6 AI Score

0.0004 EPSS

2024-05-23 06:46 AM
2
osv

BIT-gitlab-2024-6323

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public...

7.5 CVSS

6.3 AI Score

0.001 EPSS

2024-06-28 07:18 AM
6
atlassian

Using the Jira Python library to make REST API calls with cookie auth bypasses Jira rate limiting

h3. Issue Summary When using the open-source [Jira Python library|https://github.com/pycontribs/jira] to make REST API calls to Jira, if [cookie-based authentication|https://jira.readthedocs.io/examples.html#cookie-based-authentication] is used then Jira's rate limits will be bypassed. This can...

6.9 AI Score

2023-07-06 07:54 AM
14
osv

Malicious code in en-calendar (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0cc66d6eb2f773deb786b69bc29863caf4091bd2bd1f9fe0b7fdaa6fe14aca89) The OpenSSF Package Analysis project identified 'en-calendar' @ 1.0.1 (npm) as malicious. It is considered malicious because: The package executes.....

7.4 AI Score

2024-02-12 01:31 AM
6
osv

Malicious code in react-green-ui (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3109c997fe1ab2888814f3679bf903a97bce7112d5921a921ae0aea7d787fe3d) The OpenSSF Package Analysis project identified 'react-green-ui' @ 10.0.49 (npm) as malicious. It is considered malicious because: - The package...

7.4 AI Score

2023-07-04 09:11 AM
6
osv

Malicious code in com.unity.test-runner-manual-tests (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (85698be2138d279587657502f67090097d4cbbeb4b05a492c63e318fe69f4560) The OpenSSF Package Analysis project identified 'com.unity.test-runner-manual-tests' @ 2.0.0 (npm) as malicious. It is considered malicious...

7.1 AI Score

2023-05-08 10:57 AM
4
osv

Malicious code in afterpay-sdk-example-server (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (555a159aa3b74ea73f8574c05e14aa536948cbe56b0420bcdcc0daa2a911ae2c) The OpenSSF Package Analysis project identified 'afterpay-sdk-example-server' @ 20.0.0 (npm) as malicious. It is considered malicious because: -...

7.1 AI Score

2023-05-03 01:37 AM
6
osv

Malicious code in store-js-sdk (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4462b056f6144f0a42e19147fcc9c5a0277e45631c26bebad88d24513995b773) The OpenSSF Package Analysis project identified 'store-js-sdk' @ 1.0.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-27 12:40 PM
4
osv

Malicious code in bageth (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e0fb8d217f32446aeb4dbf744d45c5aadd152f0917a228ead1ad0183ac18b995) The OpenSSF Package Analysis project identified 'bageth' @ 2.0.0 (npm) as malicious. It is considered malicious because: The package communicates...

7.1 AI Score

2024-06-29 05:28 PM
1
osv

Malicious code in kiln-desktop (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ef3b624dee4eb3ef776b321ad28eddf3bc2d6cde2852fdcb47b0ef795047c6bf) The OpenSSF Package Analysis project identified 'kiln-desktop' @ 2.2.0 (npm) as malicious. It is considered malicious because: The package...

7.1 AI Score

2024-06-29 05:55 PM
2
osv

CVE-2023-28636

GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and...

4.8 CVSS

6.8 AI Score

0.001 EPSS

2023-04-05 06:15 PM
9
osv

Malicious code in cyclotron-svc (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4f8b0a1aa798da64bb0b8fd50b7a301eb9c0bec31e520948a8b30275bcbe318b) The OpenSSF Package Analysis project identified 'cyclotron-svc' @ 5.0.0 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-09 04:17 AM
4
osv

Malicious code in smsobfuscate (PyPI)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (fa2efc28ecdebc90e41edd50503e199984f68d05cb13edab8b6e8d503d18e75c) The OpenSSF Package Analysis project identified 'smsobfuscate' @ 1.0.1 (pypi) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-10 11:54 AM
3
osv

Malicious code in verycoolzpac (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5375ee65b8d94a515b53e30980d783a66b8f75c2ad0f388f471e41b0dada5587) The OpenSSF Package Analysis project identified 'verycoolzpac' @ 0.39.9999 (npm) as malicious. It is considered malicious because: - The package...

6.9 AI Score

2023-05-12 03:49 AM
3
osv

Malicious code in zsbpwebsdktest3 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a25d6ab5c8c52c4020f38d78237f6c953a826c3e8abc287370befada0727c50a) The OpenSSF Package Analysis project identified 'zsbpwebsdktest3' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The package.....

7.1 AI Score

2023-05-01 09:56 AM
5
osv

Malicious code in twinmotion (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0627a5bcf9887521a72abc5568ab4cf60f65b073d5b0b1c5d2978eeb30079cfd) The OpenSSF Package Analysis project identified 'twinmotion' @ 99.1.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 10:30 AM
9
osv

Malicious code in testforconfusion (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (0463d945d1cd3398ce2594034fd52775ac94fe411f1cc645f88f757522abfc1b) The OpenSSF Package Analysis project identified 'testforconfusion' @ 1.1.0 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 03:50 AM
osv

Malicious code in seafoam-desktop (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (11b7b515412cb320d382cffb4a3abe4fa232556d7db6ac3dde904bd295b279a3) The OpenSSF Package Analysis project identified 'seafoam-desktop' @ 10.0.0 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-05-09 05:33 AM
9
osv

Malicious code in compositionupdate (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (609e73b696d2a84c8c2169afde78694231815b46be300710ddf913fed7c63d1b) The OpenSSF Package Analysis project identified 'compositionupdate' @ 88.8.8 (npm) as malicious. It is considered malicious because: - The package.....

7.1 AI Score

2023-05-01 04:52 AM
4
osv

Malicious code in egstore-carousel (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e32b3c589f221c9b4e1d86be2924f6e215e6bf6c03844a5084fb1f04eb33275e) The OpenSSF Package Analysis project identified 'egstore-carousel' @ 99.2.2 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 10:32 AM
3
osv

Malicious code in dist-web (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ff355bd5f2422ce630aeb0652869d4bdaa8f3f18cf576fc60a76588f3acf36b4) The OpenSSF Package Analysis project identified 'dist-web' @ 99.1.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 10:31 AM
2
osv

Malicious code in diesel-site (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bb78d01ad7ff8d210d59657017d35725abab41a1e59657ff43ac4ac0889ac493) The OpenSSF Package Analysis project identified 'diesel-site' @ 99.9.1 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 10:29 AM
6
osv

Malicious code in apache2 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (12b1a6eed914c86f199b052822217042e2afa047d6b1d9921fd30b56f1e5e650) The OpenSSF Package Analysis project identified 'apache2' @ 1.1.9 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 04:39 PM
5
osv

Malicious code in bistrosk (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (275abca8527ba6a0a29bf30537bad45fb01533a199b59ca9543da88dda4f8334) The OpenSSF Package Analysis project identified 'bistrosk' @ 200.0.3 (npm) as malicious. It is considered malicious because: The package...

7.2 AI Score

2023-11-02 12:58 PM
12
osv

Malicious code in eslint-plugin-indeed (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (cd3cf0dfdda3ea0bf705d385efb05c56b971a408c4a0dceef3771d2e474a33e0) The OpenSSF Package Analysis project identified 'eslint-plugin-indeed' @ 99.99.9 (npm) as malicious. It is considered malicious because: - The...

7.1 AI Score

2023-05-01 02:25 AM
3
osv

CVE-2023-51446

GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to...

8.1 CVSS

7.7 AI Score

0.001 EPSS

2024-02-01 06:15 PM
2
osv

BIT-gitlab-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via...

6.8 CVSS

6.3 AI Score

0.0005 EPSS

2024-06-28 07:19 AM
5
debiancve

CVE-2024-4011

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to...

4.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-06-27 12:15 AM
1
debiancve

CVE-2024-6323

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public...

7.5 CVSS

6.6 AI Score

0.001 EPSS

2024-06-27 12:15 AM
1
osv

Malicious code in falsepositivecheck6969 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (cef392714b654bd14df8ba24c491e8844b54e08fee392bff62632f7f3e5d6fa1) The OpenSSF Package Analysis project identified 'falsepositivecheck6969' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The...

7.1 AI Score

2023-04-29 02:29 AM
3
osv

Malicious code in zsbpwebsdktest (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (347bc418b55e9092cd6a48ff3f93f328085fa2c4192ba6dc2c5cf062c3d10c20) The OpenSSF Package Analysis project identified 'zsbpwebsdktest' @ 9999.99.91 (npm) as malicious. It is considered malicious because: - The package....

7.1 AI Score

2023-04-30 10:47 PM
3
osv

Malicious code in zsbpwebsdk (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (bf63d69adabe277a69df70ff7c39dd42b81fad4f512f8204458dc438d7edfb7d) The OpenSSF Package Analysis project identified 'zsbpwebsdk' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI Score

2023-04-29 02:23 AM
1
osv

Malicious code in stateful-fastclick (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5a06e5b71a04fa67ca20937e8e438c638644db87d181799a046d22c568e6c4c5) The OpenSSF Package Analysis project identified 'stateful-fastclick' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package.....

7.1 AI Score

2023-05-01 02:11 PM
4

Total number of security vulnerabilities: 101610