
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 May 2025 — Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information. Exploitation can occur if Anonymous access is enabled, or if there is a successful CSRF attack. • https://docs.inedo.com/docs/proget/installation/installation-guide • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Sep 2018 — Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. • https://inedo.com/blog/proget-50-beta5-released • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Dec 2017 — Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. • https://inedo.com/blog/otter-174-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Dec 2017 — Inedo Otter through 1.7.4 mishandles a "/script" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor. • https://inedo.myjetbrains.com/youtrack/issue/ILIB-11 • CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Nov 2017 — Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. • https://inedo.com/blog/buildmaster-582-released • CWE-269: Improper Privilege Management

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

10 Nov 2017 — Inedo BuildMaster before 5.8.2 has XSS. • https://inedo.com/blog/buildmaster-582-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

10 Nov 2017 — An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. • https://inedo.com/blog/buildmaster-582-released • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

10 Nov 2017 — In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. • https://gitlab.com/inedo/buildmaster/commit/4f4c737fefe44c3227535946f535fb7ef468d721

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Sep 2017 — Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. • http://inedo.com/blog/proget-4714-released • CWE-20: Improper Input Validation