
4774 matches found

Prion
added 2019/02/13 4:29 p.m. | 16 views

Design/Logic Flaw

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

CVSS 2.1 | AI score 7.5 | EPSS 0.00357
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2019/02/13 4:29 p.m. | 29 views

CVE-2019-3782

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

CVSS 7.8 | AI score 6.7 | EPSS 0.00357
Exploits: 0 | References: 2

NVD
added 2019/02/13 4:29 p.m. | 34 views

CVE-2019-3782

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

CVSS 7.8 | AI score 6.5 | EPSS 0.00357
Exploits: 0 | References: 2

Cvelist
added 2019/02/13 4:0 p.m. | 32 views

CVE-2019-3782 CredHub CLI writes environment variable credentials to disk

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

CVSS 6.3 | AI score 7.6 | EPSS 0.00357
Exploits: 0 | References: 2

Cloud Foundry
added 2019/02/11 12:0 a.m. | 72 views

CVE-2019-3782: CredHub CLI writes environment variable credentials to disk | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions CredHub CLI All versions prior to 2.2.1 Description Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent...

CVSS 7.8 | AI score 6.8 | EPSS 0.00357
Exploits: 0

exploitpack
added 2019/01/24 12:0 a.m. | 21 views

SirsiDynix e-Library 3.5.x - Cross-Site Scripting

SirsiDynix e-Library 3.5.x - Cross-Site Scripting Exploit Title: SirsiDynix e-Library = 3.5.x - Cross-Site Scripting CVE: CVE-2018-20503 Date: 2019-24-01 Google Dork: inurl:/x/x/0/49 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://www.sirsidynix.c...

CVSS 4.3 | AI score 6.1 | EPSS 0.03904
Exploits: 5

Veracode
added 2019/01/15 9:3 a.m. | 25 views

Denial Of Service (DoS)

xorg-x11-server is vulnerable to denial of service DoS attacks. The vulnerability exists as X.Org X Window System aka X11 and X X11R5 and X.Org Server aka xserver and xorg-server before 1.16.3, when using SUN-DES-1 Secure RPC authentication credentials, does not check the return value of a malloc...

CVSS 4.3 | AI score 7.1 | EPSS 0.04189
Exploits: 0 | References: 17 | Affected Software: 1

NVD
added 2018/12/28 4:29 p.m. | 16 views

CVE-2018-1000629

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or loginusername parameter in a...

CVSS 6.1 | AI score 6.4 | EPSS 0.01277
Exploits: 0 | References: 1

Cvelist
added 2018/12/28 2:0 p.m. | 14 views

CVE-2018-1000629

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or loginusername parameter in a...

AI score 6.4 | EPSS 0.01277
Exploits: 0 | References: 1

CVE
added 2018/12/28 2:0 p.m. | 41 views

CVE-2018-1000629

Battelle V2I Hub 2.5.1 is affected by a Cross-Site Scripting vulnerability (CVE-2018-1000629). The issue arises from improper validation in api/SystemConfigActions.php?action=add and the index.php script, enabling a remote attacker to craft URLs using parameterName or _login_username to execute s...

CVSS 6.1 | AI score 6.3 | EPSS 0.01277
Exploits: 0 | References: 1 | Affected Software: 1

0day.today
added 2018/10/10 12:0 a.m. | 43 views

Responsive Filemanager 9.8.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications I. VULNERABILITY ------------------------- Responsive Filemanager 9.8.1 Reflected Cross Site Scripting XSS II. CVE REFERENCE ------------------------- CVE-2018-18062 III. VENDOR ------------------------- https://www.responsivefilemanager.com I...

EPSS 0.00813
Exploits: 3

Cvelist
added 2018/10/05 2:0 p.m. | 19 views

CVE-2018-0425 Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is...

AI score 9.7 | EPSS 0.03413
Exploits: 0 | References: 2

Vulnrichment
added 2018/10/05 2:0 p.m. | 9 views

CVE-2018-0425 Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is...

AI score 7.3 | EPSS 0.03413
Exploits: 0 | References: 2

IBM Security Bulletins
added 2018/09/29 6:4 p.m. | 38 views

Security Bulletin: A vulnerability in the GSKit component of IBM Rational ClearQuest (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of IBM Rational ClearQuest. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit this vulnerability t...

CVSS 5.9 | AI score 0.9 | EPSS 0.02032
Exploits: 0 | Affected Software: 1

CNVD
added 2018/09/19 12:0 a.m. | 2 views

Cloud Foundry Container Runtime Information Disclosure Vulnerability

Cloud Foundry Container Runtime is a system from the US-based Cloud Foundry Foundation that provides a unified way to instantiate, deploy, and manage Kubernetes clusters. An information disclosure vulnerability exists in Cloud Foundry Container Runtime kubo-release prior to version 0.14.0, which...

CVSS 8.8 | AI score 8.5 | EPSS 0.00944
Exploits: 0 | References: 1

OpenVAS
added 2018/09/18 12:0 a.m. | 210 views

PHP 'Transfer-Encoding: chunked' XSS Vulnerability - Active Check

PHP is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

CVSS 6.1 | AI score 6.3 | EPSS 0.04103
Exploits: 1 | References: 3

IBM Security Bulletins
added 2018/08/08 4:13 a.m. | 14 views

Security Bulletin: GSKit and Hash Selection Vulnerability (CVE-2016-0201)

Summary IBM Cloud Manager with OpenStack is vulnerable to a GSKit vulnerability, which allows the attackers to exploit this vulnerability to obtain authentication credentials. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive...

CVSS 5.9 | AI score 1.1 | EPSS 0.02032
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/08/03 4:23 a.m. | 13 views

Security Bulletin: Rational Host On-Demand administrative interface is vulnerable to DOM XSS (CVE-2015-5002)

Summary IBM Rational Host On-Demand administrative interface is vulnerable to DOM XSS in multiple parameters, caused by improper validation of user supplied input Vulnerability Details CVEID: CVE-2015-5002 DESCRIPTION: IBM Host On-Demand is vulnerable to cross-site scripting, caused by improper...

CVSS 6.1 | AI score 0.8 | EPSS 0.00773
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/18 1:32 a.m. | 31 views

Security Bulletin: OPEN Source Apache Struts Vulnerabilities IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, and Platform HPC (CVE-2016-4003)

Summary Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the URLDecoder implementation. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security...

AI score 0.2 | EPSS 0.12018
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 10:32 p.m. | 21 views

Security Bulletin: Cross-site scripting vulnerability on the Projects page in IBM UrbanCode Build (CVE-2015-1983)

Summary IBM UrbanCode Build is vulnerable to cross-site scripting on the Projects page. Vulnerability Details CVE-ID: CVE-2015-1983 Description: IBM UrbanCode Build is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...

CVSS 3.5 | AI score 1.2 | EPSS 0.00783
Exploits: 0 | Affected Software: 1