593 matches found
CVE-2024-2243 Csmock: command injection vulnerability in csmock-plugin-snyk
A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers...
Exploit for CVE-2024-25175
CVE-2024-25175 Reflected XSS via HTTP Response Splitting...
Metasploit Wrap-Up 03/15/2024
New module content (3): GitLab Password Reset Account Takeover. Authors: asterion04 and h00die. Type: Auxiliary. Pull request: 18716, contributed by h00die. Path: admin/http/gitlabpasswordresetaccounttakeover. AttackerKB reference: CVE-2023-7028. Description: This adds an exploit module that leverages an...
BIT-JENKINS-2020-2231
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Toke...
The vulnerability of the Authentication Token Handler component in the IntelliJ IDEA integrated development environment allows an attacker to send the authentication token to any arbitrary URL.
The vulnerability of the Authentication Token Handler component in the IntelliJ IDEA integrated development environment exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to send authentication tokens to any specified URL...
JetBrains IntelliJ IDEA < 2023.3.3 Multiple Vulnerabilities (macOS)
The version of JetBrains IntelliJ IDEA installed on the remote macOS host is prior to 2023.3.3. It is, therefore, affected by multiple vulnerabilities: - Path traversal was possible when unpacking archives (CVE-2024-24940) - A plugin for JetBrains Space was able to send an authentication token to an...
CVE-2023-6536
creationtimestamp | type | source
---|---|---
2024-02-07 22:32:27+00:00 | seen | https://t.me/ctinow/181001...
CVE-2024-24941
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL...
PT-2024-1694 · Jetbrains · Jetbrains Intellij Idea
Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2023.3.3. Description: The issue exists due to insufficient input validation in the authentication token handler component of the integrated development environment. This could allow a remote attacker ...
CloudLinux CageFS 7.1.1-1 Token Disclosure
CloudLinux CageFS Token Disclosure. Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01CloudLinuxCageFSTokenDisclosure Vulnerability Overview: CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a...
CVE-2020-36771
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...
CVE-2020-36771
CloudLinux CageFS vulnerability CVE-2020-36771 affects CageFS 7.1.1-1 and earlier: the authentication token is passed as a command line argument, which can allow a local user to view the token via the process list and gain code execution as another user. Affected versions: 7.1.1-1 and below. Root...
PT-2024-10823 · Cloudlinux · Cloudlinux Cagefs
Name of the Vulnerable Software and Affected Versions: CloudLinux CageFS versions 7.1.1-1 and below. Description: The issue allows local users to view the authentication token via the process list and gain code execution as another user, because the authentication token is passed as a command line...
CVE-2024-21638 Azure IPAM solution Elevation of Privilege Vulnerability
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assign...
CVE-2023-36655
The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to log in and obtain an authentication token by specifying a username with different uppercase/lowercase character combination...