214 matches found
DEBIAN-CVE-2022-40617
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...
UBUNTU-CVE-2022-40617
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...
CVE-2022-41249
A cross-site request forgery CSRF vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins SCM HttpClient Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...
Jenkins CONS3RT Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-34780
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins XebiaLabs XL Release Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins XebiaLabs XL Release Plugin 22.0....
Radancy: Admin account/panel takeOver and Doing actions in admin panel via DOM-based XSS
Hello team , I found Dom-XSS in your https://████████/ Webmail Admin Panel that manage attacker to stealing admin sensitive info and doing any action in your webmail admin panel . why and how this vulnerability happen : - if your reviewed the source code of this endpoint of the admin panel "...
PT-2022-22074 · Jenkins · Jenkins Easyqa Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins EasyQA Plugin versions 1.0 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. The form validation method is also vulnerable ...
Forward credential header to attacker host
Description Some Admins set the "Authorization" header with the help of a reverse proxy to restrict initial access to the Drawio application server. In this kind of setup, the "Authorization" header should always be sent to the reverse proxy, and the reverse proxy will forward it to Drawio But Th...
CVE-2022-1337
Mattermost’s image proxy component in version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, enabling an authenticated attacker to crash the server by accessing links to very large image files. The consolidated set of sources (CVE-2022-1337 entries across NVD, Red Hat,...
CVE-2021-36777
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service...
CVE-2022-25200
A cross-site request forgery CSRF vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins Plugin Snow Commander 权限许可和访问控制问题漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Snow Commander Plugin 2.0 and earlier versions are vulnerable to an access control error that stems from not...
CVE-2022-23112
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...
UBUNTU-CVE-2021-36367
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...
Command Execution Vulnerability in NoneCms (CNVD-2021-49167)
NoneCMS is a content management system CMS based on Thinkphp. A command execution vulnerability exists in NoneCms, which can be exploited by an attacker to gain control of the server...
CVE-2021-21532
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file...
Windows GravityRAT Malware Now Also Targets macOS and Android Devices
A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbe...
Zoho ManageEngine Desktop Central Integer Overflow Vulnerability
Zoho ManageEngine Desktop Central is integrated desktop and mobile device management software that helps manage servers, laptops, desktops, smartphones and tablets from a central location. An integer overflow vulnerability exists in the client for Zoho ManageEngine Desktop Central versions prior ...