Page 8 of 42 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0

app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. app/views/journals/index.builder en Redmine en versiones anteriores a 2.6.9, 3.0.x en versiones anteriores a 3.0.7 y 3.1.x en versiones anteriores a 3.1.3 permite a atacantes remotos obtener información sensible visualizando un feed Atom. • http://www.debian.org/security/2016/dsa-3529 http://www.redmine.org/news/103 https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 1

Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter). Vulnerabilidad de redirección abierta en la función redirect_back_or_default en app/controllers/application_controller.rb en Redmine anterior a 2.4.5 y 2.5.x anterior a 2.5.1 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en la url back (parámetro back_url). • http://jvn.jp/en/jp/JVN93004610/index.html http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html http://seclists.org/oss-sec/2014/q2/84 http://secunia.com/advisories/57524 http://www.redmine.org/projects/redmine/wiki/Changelog http://www.redmine.org/projects/redmine/wiki/Changelog_2_4 http://www.redmine.org/projects/redmine/wiki/Security_Advisories http://www.securityfocus.com/bid/66674 https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 0

Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el formateador texttile en Redmine anterior a v1.0.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores desconocidos. • http://www.debian.org/security/2011/dsa-2261 http://www.openwall.com/lists/oss-security/2012/01/06/5 http://www.openwall.com/lists/oss-security/2012/01/06/7 http://www.redmine.org/news/49 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 96%CPEs: 12EXPL: 1

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors. Vulnerabilidad no especificada en el adaptador repositorio bazaar en Redmine v0.9.x y v 1.0.x anterior a v1.0.5 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://www.exploit-db.com/exploits/41695 http://www.debian.org/security/2011/dsa-2261 http://www.openwall.com/lists/oss-security/2012/01/06/5 http://www.openwall.com/lists/oss-security/2012/01/06/7 http://www.redmine.org/news/49 - •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en el adaptador repositorio bazaar en Redmine v1.0.x anterior a v1.0.5 permite a atacantes remotos autenticados obtener información sensible mediante vectores desconocidos. • http://www.debian.org/security/2011/dsa-2261 http://www.openwall.com/lists/oss-security/2012/01/06/5 http://www.openwall.com/lists/oss-security/2012/01/06/7 http://www.redmine.org/news/49 •