23 matches found
EUVD-2014-3406
Malware in sbrugna...
EUVD-2022-6306
Malicious code in bioql PyPI...
CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
BIT-CASSANDRA-2024-27137 Apache Cassandra: unrestricted deserialization of JMX authentication credentials
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...
CVE-2024-12511 SMB/FTP Address Book Scan Pass-back attack
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...
PT-2025-1875
Name of the Vulnerable Software and Affected Versions: HP, affected versions not specified. Description: With access to the address book, an attacker could modify SMB/FTP settings, redirect scans, and possibly capture credentials. This requires enabled scan functions and printer access. Recommendatio...
Cross-site Scripting (XSS)
Typo3/Neos is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of user input, allowing attackers to tamper with page rendering, redirect victims, capture credentials, and potentially upload backdoors...
CVE-2023-50768
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-3971
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise...
CVE-2023-37964
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine
Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group (TAG), which is monitoring the...
PT-2022-20414 · Jenkins · Jenkins Ssh Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SSH Plugin versions 2.6.1 and earlier Description: A missing permission check in the Jenkins SSH Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-25193
Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-25200
A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
An Unprotected Transport of Credentials vulnerability in the SiteManager provisioning service allows a local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware...
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
tomcat: local privilege escalation
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user...
CVE-2019-16566
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
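The Jenkins entries above (OpenTelemetry, Nexus Platform, ElasticBox CI, SSH, Snow Commander, Checkmarx and Team Concert) are one bug class: a "test connection" form-validation method that any Overall/Read user can reach by GET, that takes the target URL and a credentials ID straight from the request, and that sends the stored secret to that URL. The Java below is an added example, not code from any of the listed plugins; the class and method names (ExampleGlobalConfig, doTestConnectionVulnerable, doTestConnection, probe) are made up, and it assumes the standard Jenkins core and Credentials Plugin APIs (FormValidation, @RequirePOST, @AncestorInPath, CredentialsProvider.lookupCredentials, URIRequirementBuilder). It shows the vulnerable shape beside the hardened one.

```java
// Added example (not from any plugin in the listing above). Names
// ExampleGlobalConfig, doTestConnectionVulnerable, doTestConnection and probe
// are assumptions; the imported APIs are Jenkins core / Credentials Plugin.
import hudson.Extension;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;

@Extension
public class ExampleGlobalConfig extends GlobalConfiguration {

    // VULNERABLE shape (what the advisories describe): no permission check, so
    // Overall/Read is enough; no @RequirePOST, so a crafted link (CSRF) can
    // trigger it; the credential is resolved as SYSTEM with no domain
    // restriction, so any stored credential ID the attacker knows is sent to
    // an attacker-controlled `url`.
    public FormValidation doTestConnectionVulnerable(@QueryParameter String url,
                                                     @QueryParameter String credentialsId)
            throws IOException {
        StandardUsernamePasswordCredentials c = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class,
                        Jenkins.get(), ACL.SYSTEM, Collections.emptyList()),
                CredentialsMatchers.withId(credentialsId));
        return probe(url, c);
    }

    // HARDENED shape: POST only (defeats the CSRF variant), an explicit
    // permission check (defeats the Overall/Read variant), and the credential
    // lookup scoped to the item and to the target URL's domain.
    @RequirePOST
    public FormValidation doTestConnection(@AncestorInPath Item item,
                                           @QueryParameter String url,
                                           @QueryParameter String credentialsId)
            throws IOException {
        if (item == null) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);   // global config page
        } else {
            item.checkPermission(Item.CONFIGURE);                 // job config page
        }
        // Domain requirement from the URL: a credential bound to host A is not
        // returned for a request aimed at attacker host B.
        StandardUsernamePasswordCredentials c = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class,
                        item, ACL.SYSTEM, URIRequirementBuilder.fromUri(url).build()),
                CredentialsMatchers.withId(credentialsId));
        return probe(url, c);
    }

    // The step that actually leaks the secret when the caller controls both
    // parameters: an HTTP request carrying the stored username and password.
    private static FormValidation probe(String url, StandardUsernamePasswordCredentials c)
            throws IOException {
        if (c == null) {
            return FormValidation.error("Credentials not found");
        }
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        String token = c.getUsername() + ":" + c.getPassword().getPlainText();
        conn.setRequestProperty("Authorization", "Basic "
                + Base64.getEncoder().encodeToString(token.getBytes(StandardCharsets.UTF_8)));
        int code = conn.getResponseCode();
        return code < 400 ? FormValidation.ok("HTTP " + code)
                          : FormValidation.error("HTTP " + code);
    }
}
```

The two checks are independent fixes for the two variants in the listing: @RequirePOST alone still lets a low-privilege logged-in user call the method directly, and the permission check alone still lets an administrator be tricked into a GET; a plugin needs both. The same applies to the matching `doFillCredentialsIdItems` dropdown method, which otherwise enumerates the credential IDs the attack needs.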
Design/Logic Flaw
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...