Writeup Exploits
60,737 exploits tracked across all sources.
GitLab < 12.2.1 - Authentication and Session Management Issue
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.
CVSS 6.5
GitLab < 12.2.1 - Denial of Service via CI Pipeline Resource Exhaustion
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.
CVSS 7.5
GitLab 8.6.0-12.2.1 - Unauthorized Exposure of Sensitive Commit and Comment Data
An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.
CVSS 4.3
GitLab 7.12-12.2.1 - Unauthorized Exposure of Default Branch Name
An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.
CVSS 4.3
GitLab CE/EE <12.2.1 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.
CVSS 5.3
GitLab 12.0-12.2.1 - Unauthenticated Merge Request Comment Access
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so.
CVSS 5.3
GitLab 8.14.0-12.2.1 - Server-Side Request Forgery via Jira Integration
An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains an SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server.
CVSS 7.5
GitLab 8.18-12.2.1 - Information Disclosure via Merge Request Pipeline Endpoint
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.
CVSS 7.5
GitLab 10.1-12.2.1 - Server-Side Request Forgery via Kubernetes Integration
An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.
CVSS 7.5
GitLab 11.2.0-12.2.1 - Unauthorized Exposure of CI Metrics Data
An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users.
CVSS 5.3
GitLab < 12.2.1 - Information Disclosure via Markdown Embedded Media
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.
CVSS 5.3
GitLab 12.0-12.2.1 - Authorization Bypass via Epic Notes API
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API could result in disclosure of private milestones, labels, and other information.
CVSS 7.5
GitLab 11.10.0-12.2.1 - Cross-Site Scripting in Label Descriptions
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.
CVSS 6.1
GitLab 11.9.4-11.10.1 - Missing Authorization via Merge Request Email Creation
An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.
CVSS 5.3
GitLab 8.15.0-12.2.1 - Denial of Service via Markdown Mathematical Expression Parsing
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.
CVSS 7.5
GitLab 10.8.0-12.2.1 - Authenticated Incorrect Permission Assignment for Critical Resource via Internal Endpoint
An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
CVSS 5.4
GitLab 12.0-12.1.4 - Use of Hard-coded Credentials
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials.
CVSS 9.8
JFinal < 4.4 and com.jfinal < 4.5 - Unrestricted Upload of File with Dangerous Type via isSafeFile Bypass
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.
CVSS 7.5
Technicolor TC7300.b0_firmware - Stored Cross-Site Scripting via FTPDiag.asp FileName Parameter
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp.
CVSS 5.4
Technicolor TC7300.b0_firmware STFA.51.20 - Cross-Site Scripting via Connected Clients Field
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this.
CVSS 5.4
ReportLab < 3.5.26 - Remote Code Execution via toColor eval Injection
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
CVSS 9.8
DAViCal < 1.1.8 - Reflected Cross-Site Scripting via Action Parameter
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application.
CVSS 9.3
DAViCal < 1.1.8 - Cross-Site Request Forgery
A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user.
CVSS 8.8
DAViCal <= 1.1.8 - Stored Cross-Site Scripting via User Profile Fields
A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected database fields include Username, Display Name, and Email.
CVSS 5.4
Electronic Logbook 3.1.4 - Cross-Site Scripting via Localization Value Parameter
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c.
CVSS 6.1