The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories....
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users...
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in ‘vtigerolservice.php’. Date published : 2020-01-28 http://www.securityfocus.com/bid/61558 http://www.exploit-db.com/exploits/30787
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in ‘customerportal.php’ which allows remote attackers to view files and execute local script code. Date published : 2020-01-28 http://www.securityfocus.com/bid/61560 http://www.exploit-db.com/exploits/27279
ASUS RT-N56U devices allow CSRF. Date published : 2020-01-28 https://www.securityfocus.com/archive/1/531194
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash). Date published : 2020-01-28 https://www.securityfocus.com/bid/59303
NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. Date published : 2020-01-28 https://www.securityfocus.com/bid/59406
Secure Entry Server before 4.7.0 contains a URI Redirection vulnerability which could allow remote attackers to conduct phishing attacks due to HSP_AbsoluteRedirects being disabled by default. Date published : 2020-01-28 http://www.securityfocus.com/bid/64422 https://exchange.xforce.ibmcloud.com/vulnerabilities/89853
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. Date published : 2020-01-28 http://www.securityfocus.com/bid/58929 http://www.exploit-db.com/exploits/24924
Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the ‘playerID’ parameter. Date published : 2020-01-28 http://www.securityfocus.com/bid/58421
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the...
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. Date published : 2020-01-28 http://www.openwall.com/lists/oss-security/2013/05/07/1 http://www.securityfocus.com/bid/59687
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. Date published...
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02,...