Show filters
248 Total Results
Displaying 41-50 of 248
Sort by:
Attacker Value
Unknown

CVE-2024-47160

Disclosure Date: September 19, 2024 (last updated February 26, 2025)
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-47159

Disclosure Date: September 19, 2024 (last updated February 26, 2025)
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-44004

Disclosure Date: September 17, 2024 (last updated February 26, 2025)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through 7.0.6.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-38506

Disclosure Date: June 18, 2024 (last updated February 26, 2025)
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-38505

Disclosure Date: June 18, 2024 (last updated February 26, 2025)
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-38504

Disclosure Date: June 18, 2024 (last updated February 26, 2025)
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-35299

Disclosure Date: May 16, 2024 (last updated February 26, 2025)
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-35002

Disclosure Date: May 07, 2024 (last updated February 26, 2025)
BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122.
0
0
Attacker Value
Unknown

CVE-2021-35001

Disclosure Date: May 07, 2024 (last updated February 26, 2025)
BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527.
0
0
Attacker Value
Unknown

CVE-2024-28230

Disclosure Date: March 07, 2024 (last updated February 26, 2025)
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  < Previous  Next >