
134 matches found

F5 Networks
added 2023/02/21 6:47 p.m., 34 views

K08464741: Bash vulnerability CVE-2017-5932

Security Advisory Description: The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter. CVE-2017-5932. Impact: There is no impact; F5 products are not affected by this...

CVSS 7.8, AI score 7.8, EPSS 0.00425
Exploits: 2
SUSE CVE
added 2023/02/15 5:22 a.m., 4 views

SUSE CVE-2015-0822

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code...

CVSS 4.3, AI score 8.8, EPSS 0.02549
Exploits: 0, References: 14
SUSE CVE
added 2023/02/15 4:49 a.m., 4 views

SUSE CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter...

CVSS 7.8, AI score 9.2, EPSS 0.00425
Exploits: 2, References: 3
SUSE CVE
added 2023/02/15 4:35 a.m., 1 views

SUSE CVE-2017-1000392

Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than...

CVSS 4.8, AI score 4.8, EPSS 0.01149
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 4:29 a.m., 3 views

SUSE CVE-2018-7738

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

CVSS 8.2, AI score 7.3, EPSS 0.00457
Exploits: 0, References: 35
Amazon
added 2022/12/06 12:0 a.m., 27 views

Medium: util-linux

Issue Overview: A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion. CVE-2018-7738...

CVSS 7.8, AI score 8.4, EPSS 0.00457
Exploits: 0
OSV
added 2022/05/24 4:47 p.m., 15 views

GHSA-M8F2-9282-X38V Jenkins ElectricFlow Plugin Missing permission checks

Various form validation and form autocompletion methods in CloudBees CD Plugin lacked permission checks. This allowed attackers with Overall/Read access to obtain information about the configuration of CloudBees CD Plugin, as well as the configuration and data of connected ElectricFlow servers...

CVSS 4.3, AI score 4.3, EPSS 0.01353
Exploits: 0, References: 4
OSV
added 2022/05/14 1:4 a.m., 5 views

GHSA-5PPX-RGW2-XG23 Improper Neutralization of Input During Web Page Generation in Jenkins

Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than...

CVSS 4.8, AI score 5.8, EPSS 0.01149
Exploits: 0, References: 6
ATTACKERKB
added 2022/02/28 4:15 a.m., 5 views

CVE-2022-26159

The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion//en.xml and similar pathnames for other languages, which contain all characters typed by all users, including the content of private...

CVSS 5.3, AI score 6, EPSS 0.13372
Exploits: 2, References: 5
OpenVAS
added 2022/01/28 12:0 a.m., 16 views

Mageia: Security Advisory (MGASA-2018-0237)

The remote host is missing an update for the...

CVSS 7.8, AI score 7.8, EPSS 0.00457
Exploits: 0, References: 4
BDU FSTEC
added 2021/03/21 12:0 a.m., 3 views

The vulnerability of the shell autocompletion function in the UNIX command shell Zsh allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the shell autocompletion function in the UNIX command shell Zsh is related to buffer overflow attacks. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and even cause service failures...

CVSS 7.8, AI score 7.5, EPSS 0.00628
Exploits: 0, References: 8, Affected Software: 4
Kitploit
added 2021/02/22 8:30 p.m., 972 views

Remote-Method-Guesser - Tool For Java RMI Enumeration And Bruteforce Of Remote Methods

remote-method-guesser (rmg) is a command line utility written in Java and can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: list available bound names and their corresponding interface class names; list codebase locations if...

CVSS 5.9, AI score 7.7, EPSS 0.37618
Exploits: 0, References: 16
Tenable Nessus
added 2020/12/14 12:0 a.m., 258 views

FreeBSD : glpi -- Account takeover vulnerability (d3f60db0-3aea-11eb-af2a-080027dbe4b7)

MITRE Corporation reports: GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an...

CVSS 8.8, AI score 7.2, EPSS 0.02234
Exploits: 1, References: 4
NVD
added 2020/04/01 6:15 p.m., 16 views

CVE-2020-3890

The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion...

CVSS 5.3, AI score 4.3, EPSS 0.00802
Exploits: 0, References: 1
Prion
added 2020/04/01 6:15 p.m., 21 views

Arbitrary file deletion

The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion...

CVSS 5, AI score 5.1, EPSS 0.00802
Exploits: 0, References: 1, Affected Software: 2
CVE
added 2020/04/01 5:46 p.m., 54 views

CVE-2020-3890

CVE-2020-3890 affects Apple iOS/iPadOS Messages Composition: a logic/deletion issue allowed deleted message groups to be suggested as autocompletion. Root cause: deletion handling in Messages Composition. Impact: potential leakage of deleted content via autocomplete suggestions. Mitigation: patch...

CVSS 5.3, AI score 5.5, EPSS 0.00802
Exploits: 0, References: 1, Affected Software: 2
Cvelist
added 2020/04/01 5:46 p.m., 22 views

CVE-2020-3890

The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion...

AI score 5.3, EPSS 0.00802
Exploits: 0, References: 1
exploitpack
added 2020/03/17 12:0 a.m., 125 views

Microsoft VSCode Python Extension - Code Execution

This repository contains the Proof-of-Concept of a code execution vulnerability discovered in the Visual Studio Code Python extension. TL;DR: VScode may use code from a virtualenv found in the project folder...

AI score 0.4
Exploits: 0
Exploit DB
added 2020/03/17 12:0 a.m., 182 views

Microsoft VSCode Python Extension - Code Execution

This repository contains the Proof-of-Concept of a code execution vulnerability discovered in the Visual Studio Code Python extension. TL;DR: VScode may use code from a virtualenv found in the project folders without asking the user, for things such as...

AI score 7.4
Exploits: 0
RedhatCVE
added 2019/10/12 2:43 a.m., 38 views

CVE-2018-7738

A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion...

CVSS 7.8, AI score 6.4, EPSS 0.00457
Exploits: 0, References: 1