flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. Date published : 2020-08-09 https://lists.openwall.net/full-disclosure/2020/08/07/1 https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-flatcore-cms/
** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability. Date published : 2020-08-09 https://github.com/prometheus/blackbox_exporter/issues/669...
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. Date published : 2020-08-09 https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html
A security misconfiguration exists in Combodo iTop, which can expose sensitive information. Date published : 2020-08-09 https://github.com/Combodo/iTop/security/advisories/GHSA-97cw-cjxc-9×78 https://www.twcert.org.tw/tw/cp-132-3836-47d6c-1.html
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. Date published : 2020-08-09 https://github.com/Combodo/iTop/security/advisories/GHSA-qqrf-j8qv-g247 https://www.twcert.org.tw/tw/cp-132-3835-e8e8f-1.html
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. Date published : 2020-08-09 https://github.com/Combodo/iTop/security/advisories/GHSA-8vpf-8vjh-5fcv https://www.twcert.org.tw/tw/cp-132-3834-591e2-1.html
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. Date published : 2020-08-09 https://github.com/Combodo/iTop/security/advisories/GHSA-88fq-r22m-64q2 https://www.twcert.org.tw/tw/cp-132-3833-46ae7-1.html
In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020