A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter. Date published : 2021-03-24 https://github.com/plone/Products.CMFPlone/issues/3255 https://www.exploit-db.com/exploits/49668
The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings. Date published : 2021-03-24 https://github.com/Gimly/vscode-matlab/commit/fc5dc53397677464099e80629e785a25718bf5ec https://github.com/Gimly/vscode-matlab/releases
An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension...
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. Date published : 2021-03-24 http://packetstormsecurity.com/files/161642/Doctor-Appointment-System-1.0-Blind-SQL-Injection.html https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. Date published : 2021-03-24 http://packetstormsecurity.com/files/161642/Doctor-Appointment-System-1.0-Blind-SQL-Injection.html
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. Date published : 2021-03-24 http://packetstormsecurity.com/files/161641/Doctor-Appointment-System-1.0-SQL-Injection.html
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. Date published : 2021-03-24 http://packetstormsecurity.com/files/161641/Doctor-Appointment-System-1.0-SQL-Injection.html
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project. Date published...
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. Date published : 2021-03-24 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22192.json https://gitlab.com/gitlab-org/gitlab/-/issues/324452
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners Date published : 2021-03-24 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22186.json https://gitlab.com/gitlab-org/gitlab/-/issues/321653
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki Date published : 2021-03-24 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22185.json https://gitlab.com/gitlab-org/gitlab/-/issues/299143
A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature. Date published : 2021-03-24 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22179.json https://gitlab.com/gitlab-org/gitlab/-/issues/293733
An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration. Date published : 2021-03-24 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22178.json https://gitlab.com/gitlab-org/gitlab/-/issues/284819
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests Date published : 2021-03-24 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22176.json https://gitlab.com/gitlab-org/gitlab/-/issues/243491