Lucene search
+L

229 matches found

Hacker One
Hacker One
added 2020/01/22 11:1 p.m.16 views

HackerOne: Unauthenticated users can obtain information about Checklist objects with unclaimed ChecklistCheck objects

The Checklist objects that can be queried through GraphQL are supposed to only be accessible by program members, the users who claimed or responded to a check belonging to a checklist, and HackerOne Pentesters. The Checklist object is also supposed to be in the running state e.g. when the platfor...

1.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/10/18 1:35 a.m.3 views

jenkins: CSRF protection tokens for anonymous users did not expire in some circumstances (SECURITY-1491)

A flaw was found in Jenkins. Users are allowed to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. The highest threat from this vulnerability is to data confidentiality and...

8.8CVSS7.2AI score0.01578EPSS
Exploits0References5
OSV
OSV
added 2019/10/17 4:15 p.m.30 views

CVE-2019-11253

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...

7.5CVSS7AI score
Exploits0References6
Prion
Prion
added 2019/10/17 4:15 p.m.30 views

Input validation

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...

5CVSS7.3AI score0.25939EPSS
Exploits2References6Affected Software2
UbuntuCve
UbuntuCve
added 2019/10/17 4:15 p.m.32 views

CVE-2019-11253

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...

7.5CVSS6.8AI score0.25939EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2019/09/20 10:41 a.m.4 views

jenkins: CSRF protection tokens for anonymous users did not expire in some circumstances (SECURITY-1491)

A flaw was found in Jenkins. Users are allowed to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. The highest threat from this vulnerability is to data confidentiality and...

8.8CVSS7.2AI score0.01578EPSS
Exploits0References5
OSV
OSV
added 2019/05/15 5:9 p.m.4 views

DRUPAL-CONTRIB-2019-047

In certain configuration cases, when a learning path is configured as semi-private, anonymous users are allowed to join a learning path when they should not...

6.8AI score
Exploits0References1
Drupal
Drupal
added 2019/05/15 12:0 a.m.16 views

Opigno Learning path - Moderately critical - Access bypass - SA-CONTRIB-2019-047

In certain configuration cases, when a learning path is configured as semi-private, anonymous users are allowed to join a learning path when they should not...

6.6AI score
Exploits0References6
0day.today
0day.today
added 2019/02/12 12:0 a.m.434 views

Jenkins 2.150.2 - Remote Command Execution Exploit

Exploit for linux platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/12 12:0 a.m.139 views

Jenkins 2.150.2 - Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins users who has JOB creation and BUILD privileges. The...

7.4AI score
Exploits0
NVD
NVD
added 2019/01/22 3:29 p.m.22 views

CVE-2017-6922

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not...

6.5CVSS6.3AI score0.01947EPSS
Exploits0References4
Cvelist
Cvelist
added 2019/01/22 3:0 p.m.23 views

CVE-2017-6922 Files uploaded by anonymous users into a private file system can be accessed by other anonymous users

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not...

6.5AI score0.01947EPSS
Exploits0References4
NVD
NVD
added 2018/09/18 2:29 a.m.18 views

CVE-2018-16959

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI ...

5.3CVSS4.8AI score0.0124EPSS
Exploits0References2
Prion
Prion
added 2018/09/18 2:29 a.m.14 views

Design/Logic Flaw

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI ...

5CVSS4.7AI score0.0124EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/09/18 2:0 a.m.15 views

CVE-2018-16959

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI ...

4.8AI score0.0124EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/06/11 12:0 a.m.39 views

Microsoft Windows: Network access: Let Everyone permissions apply to anonymous users

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnapermissionsanonymoususer.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Network access: Let Everyone permissions apply to anonymous users Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/06/11 12:0 a.m.110 views

Microsoft Windows: Network access: Shares that can be accessed anonymously

This security setting determines which network shares can accessed by anonymous users. C Microsoft Corporation 2015. Note: This policy check will report compliance by default if the key is empty or missing. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a...

7.4AI score
Exploits0References5
NVD
NVD
added 2018/05/08 8:29 p.m.29 views

CVE-2017-2606

Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible SECURITY-380. This only affects anonymous users other users legitimately have access that were able to get a list of items via an...

4.3CVSS4.3AI score0.01911EPSS
Exploits0References4
OSV
OSV
added 2018/05/08 8:29 p.m.29 views

CVE-2017-2606

Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible SECURITY-380. This only affects anonymous users other users legitimately have access that were able to get a list of items via an...

4.3CVSS4.7AI score0.01911EPSS
Exploits0References4
Drupal
Drupal
added 2018/04/18 12:0 a.m.21 views

Menu Import and Export - Critical - Access bypass - SA-CONTRIB-2018-018

This module helps in exporting and importing Menu Items via the administrative interface. The module does not properly restrict access to administrative pages, allowing anonymous users to export and import menu links. There is no mitigation for this vulnerability...

6.6AI score
Exploits0References6
Rows per page
Query Builder