
134 matches found

NVD
added 2019/09/25 8:15 p.m. · 32 views

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

CVSS 8.8 · AI score 8.8 · EPSS 0.02234
Exploits: 1 · References: 2

UbuntuCve
added 2019/09/25 8:15 p.m. · 26 views

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

CVSS 8.8 · AI score 7 · EPSS 0.02234
Exploits: 1 · References: 2

Cvelist
added 2019/09/25 7:19 p.m. · 33 views

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

AI score 8.8 · EPSS 0.02234
Exploits: 1 · References: 2

Positive Technologies
added 2019/06/11 12:00 a.m. · 5 views

PT-2019-11733 · Jenkins +1 · Jenkins Electricflow Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier; CloudBees CD Plugin (affected versions not specified). Description: The issue concerns missing permission checks in various HTTP endpoints of the Jenkins ElectricFlow Plugin and form validati...

CVSS 4.3 · AI score 4.4 · EPSS 0.01353
Exploits: 0 · References: 8

NVD
added 2019/05/13 2:29 p.m. · 19 views

CVE-2019-8350

The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this...

CVSS 6.8 · AI score 6.3 · EPSS 0.00328
Exploits: 0 · References: 2

Tenable Nessus
added 2018/11/21 12:00 a.m. · 23 views

FreeBSD : Gitlab -- Multiple vulnerabilities (d889d32c-ecd9-11e8-9416-001b217b3468)

Gitlab reports: Persistent XSS Autocompletion Unauthorized service template creation C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2021 Jacques Vidrine and contributors Redistribution and us...

CVSS 8.8 · AI score 7.1 · EPSS 0.01986
Exploits: 1 · References: 4

Mageia
added 2018/05/16 8:24 a.m. · 57 views

Updated util-linux packages fix security vulnerability

A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion (CVE-2018-7738)...

CVSS 7.8 · AI score 5.8 · EPSS 0.00457
Exploits: 0 · References: 2

Filippo.io
added 2018/05/03 3:53 a.m. · 26 views

Making a Gmail bot with Apps Script and TypeScript

Google Apps Script is one of the best hidden features of Gmail. Did you ever want just a bit more flexibility from a filter? Maybe the ability to remove a label, or match on a header, or just decide the order they are applied in. Apps Script can do all that and then some. They are simple JavaScri...

AI score 7.4
Exploits: 0

NVD
added 2018/03/07 2:29 a.m. · 22 views

CVE-2018-7738

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

CVSS 7.8 · AI score 7.8 · EPSS 0.00457
Exploits: 0 · References: 7

UbuntuCve
added 2018/03/07 2:29 a.m. · 27 views

CVE-2018-7738

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

CVSS 7.8 · AI score 7.1 · EPSS 0.00457
Exploits: 0 · References: 2

OSV
added 2018/03/07 2:29 a.m. · 4 views

UBUNTU-CVE-2018-7738

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

CVSS 7.8 · AI score 7.2 · EPSS 0.00457
Exploits: 0 · References: 3

Positive Technologies
added 2018/03/06 12:00 a.m. · 3 views

PT-2018-3086 · Gnu +5 · Util-Linux +5

Name of the Vulnerable Software and Affected Versions: JunOS (affected versions not specified); util-linux versions prior to 2.32-rc1. Description: The issue exists due to insufficient input validation in the srxpfe process of JunOS, allowing a remote attacker to cause a denial of service. In...

CVSS 7.8 · AI score 8 · EPSS 0.00457
Exploits: 0 · References: 72

CNVD
added 2018/02/02 12:00 a.m. · 4 views

CloudBees Jenkins Cross-Site Scripting Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and the timed execution of some tasks. A...

CVSS 4.8 · AI score 6.7 · EPSS 0.01149
Exploits: 0 · References: 1

UbuntuCve
added 2018/01/26 2:29 a.m. · 18 views

CVE-2017-1000392

Jenkins 2.88 and earlier; 2.73.2 and earlier: Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than...

CVSS 4.8 · AI score 6.2 · EPSS 0.01149
Exploits: 0 · References: 2

NVD
added 2018/01/26 2:29 a.m. · 24 views

CVE-2017-1000392

Jenkins 2.88 and earlier; 2.73.2 and earlier: Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than...

CVSS 4.8 · AI score 4.8 · EPSS 0.01149
Exploits: 0 · References: 3

OSV
added 2018/01/26 2:29 a.m. · 26 views

CVE-2017-1000392

Jenkins 2.88 and earlier; 2.73.2 and earlier: Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than...

CVSS 4.8 · AI score 5.2
Exploits: 0 · References: 3

Cvelist
added 2018/01/26 2:00 a.m. · 28 views

CVE-2017-1000392

Jenkins 2.88 and earlier; 2.73.2 and earlier: Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than...

AI score 5.7 · EPSS 0.01149
Exploits: 0 · References: 3

RedhatCVE
added 2017/11/23 11:49 a.m. · 20 views

CVE-2017-1000392

Jenkins 2.88 and earlier; 2.73.2 and earlier: Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than...

CVSS 4.8 · AI score 1.9 · EPSS 0.01149
Exploits: 0 · References: 2

Tenable Nessus
added 2017/11/10 12:00 a.m. · 9 views

FreeBSD : jenkins -- multiple issues (1c2a9d76-9d98-43c3-8f5d-8c059b104d99)

Jenkins developers report: Jenkins stores metadata related to people, which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user ID for their name without additional escaping. This potentially...

AI score 5.1
Exploits: 0 · References: 2

Veracode
added 2017/06/01 4:48 a.m. · 15 views

Autofill Passwords

Moodle is vulnerable to autofilled passwords. The form-autocompletion functionality reveals passwords in a non-password field on the create groups page. This only occurs when used on the safari browser on an iPad device...

CVSS 2.1 · AI score 6 · EPSS 0.00403
Exploits: 0 · References: 6 · Affected Software: 1