
0day.today
added 2019/11/30 12:00 a.m., 121 views

OwnCloud 8.1.8 Username Disclosure Vulnerability

OwnCloud version 8.1.8 suffers from a username disclosure vulnerability: the 8.1.8 stable release lets any registered user recover the full list of login usernames. PoC: 1. Create an account in OwnCloud 2. Intercept the connection with Burp 3. Share a file, typing anything...

AI score 7.2
Exploits 0
Trend Micro Simply Security
added 2019/11/27 1:30 p.m., 78 views

This Week in Security News: Skimming and Phishing Scams Ahead of Black Friday and Polish Hacking Team Wins Capture the Flag Competition

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about recent skimming and phishing scams as we head into the holidays and how you can protect yourself and your organization. Also, re...

CVSS 6.8, AI score 8.8, EPSS 0.4453
Exploits 16
Microsoft Secure
added 2019/11/25 5:00 p.m., 40 views

Rethinking cyber learning—consider gamification

As promised, I’m back with a follow-up to my recent post, Rethinking how we learn security, on how we need to modernize the learning experience for cybersecurity professionals by gamifying training to make learning fun. Some of you may have attended the recent Microsoft Ignite events in Orlando and...

AI score 6.9
Exploits 0
CNVD
added 2019/11/20 12:00 a.m., 2 views

Google Android suffers from an unspecified vulnerability (CNVD-2020-03773)

Android is a Linux-based open-source operating system developed jointly by Google Inc. and the Open Handset Alliance (OHA). Google Android contains an unspecified security vulnerability. An attacker can use it to perform several activities, including recording videos, taking photos,...

AI score 7.1
Exploits 0, References 1
CNVD
added 2019/11/20 12:00 a.m., 3 views

tcpdump buffer overflow vulnerability (CNVD-2019-41908)

tcpdump is a command-line packet sniffer maintained by the Tcpdump team, used mainly for packet analysis and network traffic capture. tcpdump suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to cause a buffer overflow or heap overflo...

CVSS 7, AI score 6.3, EPSS 0.04667
Exploits 0, References 1
Hacker One
added 2019/11/14 7:41 p.m., 80 views

Stripo Inc: Clickjacking on my.stripo.email for MailChimp credentials

Clickjacking is a malicious hacking technique where attackers can acquire sensitive data. Through simple social engineering techniques these links can be sent out to unsuspecting customers to steal their credentials or perform actions on their accounts. For this example I saw that where I go to...

AI score 1
Exploits 0
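Whether a page can be clickjacked at all comes down to two response headers. The following check, added here as an illustration and not code from the report above or from Stripo, evaluates Content-Security-Policy frame-ancestors (which takes precedence when present) and the older X-Frame-Options for a given page origin and a candidate framing origin. The origins and header sets are constructed samples.

```python
"""Does this response let another site frame it? (clickjacking exposure check)

Added example; not code from the report above or from Stripo. It evaluates
the two headers that govern framing: Content-Security-Policy frame-ancestors,
which takes precedence when present, and the older X-Frame-Options. All
header sets and origins used here are constructed samples.
"""
from typing import Dict, List, Optional
from urllib.parse import urlparse


def _frame_ancestors(csp: Optional[str]) -> Optional[List[str]]:
    """Source list of the frame-ancestors directive, or None if it is absent."""
    if not csp:
        return None
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]   # empty list matches nothing
    return None


def _host_source_matches(source: str, origin: str) -> bool:
    """Minimal CSP host-source match: optional scheme, optional *. wildcard, optional port."""
    o = urlparse(origin)
    if "://" in source:
        scheme, _, hostport = source.partition("://")
        if scheme != o.scheme:
            return False
    elif source.endswith(":"):                       # scheme-source such as "https:"
        return source[:-1] == o.scheme
    else:
        hostport = source
    host, _, port = hostport.partition(":")
    default_port = 443 if o.scheme == "https" else 80
    if port and port != str(o.port or default_port):
        return False
    if host.startswith("*."):
        return o.hostname is not None and o.hostname.endswith(host[1:])
    return o.hostname == host


def _ancestors_allow(sources: List[str], page_origin: str, framer_origin: str) -> bool:
    for src in sources:
        if src == "'none'":
            return False
        if src == "*" or (src == "'self'" and framer_origin == page_origin):
            return True
        if not src.startswith("'") and _host_source_matches(src, framer_origin):
            return True
    return False


def can_frame(headers: Dict[str, str], page_origin: str, framer_origin: str) -> bool:
    """True if a page at page_origin served with these headers may be embedded by framer_origin."""
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = _frame_ancestors(h.get("content-security-policy"))
    if ancestors is not None:                        # CSP overrides X-Frame-Options
        return _ancestors_allow(ancestors, page_origin, framer_origin)
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return False
    if xfo == "sameorigin":
        return framer_origin == page_origin
    # "allow-from" is obsolete and ignored by current browsers; anything else,
    # including a missing header, leaves the page frameable from anywhere.
    return True


if __name__ == "__main__":
    # Constructed sample: hypothetical responses for an app at https://app.example
    page, attacker = "https://app.example", "https://attacker.example"
    samples = {
        "no headers": {},
        "xfo deny": {"X-Frame-Options": "DENY"},
        "csp self + partner": {"Content-Security-Policy": "frame-ancestors 'self' https://*.partner.example"},
    }
    for name, hdrs in samples.items():
        print(f"{name:20s} frameable by attacker: {can_frame(hdrs, page, attacker)}")
```

Run it against the headers a target actually returns (for example from `curl -sI`) rather than against documentation: a login page with neither header, or with only an obsolete ALLOW-FROM value, is frameable from any origin. Note also that a wildcard host source such as `https://*.example` admits every subdomain, including ones an attacker can register or take over.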
Tenable Nessus
added 2019/11/08 12:00 a.m., 32 views

Schneider-electric Modicon Authentication Bypass by Capture-replay

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references), all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a...

CVSS 9.8, AI score 3.7, EPSS 0.02478
Exploits 0, References 3
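The entry above is an instance of authentication bypass by capture-replay (CWE-294): whatever the client sends to prove the secret does not depend on anything fresh from the server, so a sniffer on the path can re-send it. The following illustration is added here and is a generic toy protocol, not Schneider's M221 protocol (the advisory does not describe the real message format); the shared secret is a constructed sample. It contrasts a server that accepts a fixed proof with one that issues a single-use random nonce the proof must cover.

```python
"""Why a static authentication sequence can be captured and replayed.

Added illustration of CWE-294 (authentication bypass by capture-replay).
The two toy servers below are generic stand-ins, not the Modicon M221
protocol, which the advisory does not describe; SECRET is a constructed sample.
"""
import hashlib
import hmac
import os
from typing import Tuple

SECRET = b"plc-password-sample"      # constructed sample shared secret


class ReplayableServer:
    """Client proves the secret with a fixed digest; every session sends the same bytes."""

    def challenge(self) -> bytes:
        return b""                                  # nothing fresh from the server

    def verify(self, challenge: bytes, proof: bytes) -> bool:
        return hmac.compare_digest(proof, hashlib.sha256(SECRET).digest())


class NonceServer:
    """Server issues a random nonce per session; the proof must cover that nonce."""

    def __init__(self) -> None:
        self.outstanding = set()                    # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, challenge: bytes, proof: bytes) -> bool:
        if challenge not in self.outstanding:       # unknown, stale or already used
            return False
        self.outstanding.discard(challenge)         # single use
        expected = hmac.new(SECRET, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)


def client_prove(challenge: bytes) -> bytes:
    """Legitimate client: binds the proof to the challenge when there is one."""
    if challenge == b"":
        return hashlib.sha256(SECRET).digest()
    return hmac.new(SECRET, challenge, hashlib.sha256).digest()


def legitimate_login(server) -> Tuple[Tuple[bytes, bytes], bool]:
    """One real login. Returns the (challenge, proof) pair an on-path sniffer sees, and the result."""
    ch = server.challenge()
    proof = client_prove(ch)
    return (ch, proof), server.verify(ch, proof)


def replay_login(server, captured: Tuple[bytes, bytes]) -> bool:
    """Attacker without the secret re-sends captured bytes in a new session; True if accepted."""
    old_ch, old_proof = captured
    # Attempt 1: take the server's new challenge but answer with the old proof.
    if server.verify(server.challenge(), old_proof):
        return True
    # Attempt 2: present the old challenge together with the old proof.
    return server.verify(old_ch, old_proof)


if __name__ == "__main__":
    for srv in (ReplayableServer(), NonceServer()):
        captured, ok = legitimate_login(srv)
        print(f"{type(srv).__name__:17s} legit={ok} replay={replay_login(srv, captured)}")
```

A server nonce only defeats replay; it does nothing for a weak shared secret, and without an encrypted, mutually authenticated transport an active attacker on the path can still relay or tamper with a live session. For the product in the entry, the stated remedy is firmware V1.6.2.0 or later.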
Tenable Nessus
added 2019/11/06 12:00 a.m., 55 views

openSUSE Security Update : the Linux Kernel (openSUSE-2019-2444)

The openSUSE Leap 15.1 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2019-16995: A memory leak exists in hsr_dev_finalize in net/hsr/hsr_device.c; if hsr_add_port fails to add a port, it may cause denial of service, aka CID-6caabe7f197d...

CVSS 9.8, AI score 7, EPSS 0.06652
Exploits 2, References 110
CNVD
added 2019/10/28 12:00 a.m., 2 views

CloudBees Jenkins Libvirt Slaves Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Libvirt Slaves Plugin is one of its plugins, used for controlling guest domains...

CVSS 6.5, AI score 6.4, EPSS 0.00836
Exploits 0, References 1
NVD
added 2019/10/23 1:15 p.m., 17 views

CVE-2019-10472

A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5, AI score 6.3, EPSS 0.00836
Exploits 0, References 2
Prion
added 2019/10/23 1:15 p.m., 16 views

Cross-site request forgery (CSRF)

A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.8, AI score 8.5, EPSS 0.00678
Exploits 0, References 2, Affected software 1
CVE
added 2019/10/23 12:45 p.m., 76 views

CVE-2019-10472

CVE-2019-10472 is a missing permission check in the Jenkins Libvirt Slaves Plugin that allows attackers with Overall/Read to initiate SSH connections to an attacker-controlled server using attacker-controlled credentials IDs, potentially capturing credentials stored in Jenkins. The connected ...

CVSS 6.5, AI score 6.3, EPSS 0.00836
Exploits 0, References 2, Affected software 1
CVE
added 2019/10/23 12:45 p.m., 64 views

CVE-2019-10471

CVE-2019-10471 is a cross-site request forgery vulnerability in the Jenkins Libvirt Slaves Plugin. The issue allows an attacker to trigger actions that cause the server to connect to an attacker-specified SSH server using credentials IDs chosen by the attacker, potentially exposing credentials st...

CVSS 8.8, AI score 8.6, EPSS 0.00678
Exploits 0, References 2, Affected software 1
CNVD
added 2019/10/23 12:00 a.m., 1 views

Unspecified Vulnerability in CloudBees Jenkins CRX Content Package Deployer Plugin

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. CRX Content Package Deployer Plugin is one of its plugins, used in...

CVSS 6.5, AI score 7, EPSS 0.01034
Exploits 0, References 1
Positive Technologies
added 2019/10/23 12:00 a.m., 7 views

PT-2019-11866 · Jenkins · Jenkins Libvirt Slaves Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Libvirt Slaves Plugin, affected versions not specified
Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified...

CVSS 6.5, AI score 6.2, EPSS 0.00836
Exploits 0, References 9
RedhatCVE
added 2019/10/19 6:46 p.m., 29 views

CVE-2017-8309

Memory leak in audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture...

CVSS 7.8, AI score 5.5, EPSS 0.04544
Exploits 0, References 1
NVD
added 2019/10/16 2:15 p.m., 25 views

CVE-2019-10438

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5, AI score 6.3, EPSS 0.01034
Exploits 0, References 1
OSV
added 2019/10/16 2:15 p.m., 17 views

CVE-2019-10437

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8, AI score 6.7
Exploits 0, References 1
Positive Technologies
added 2019/10/16 12:00 a.m., 4 views

PT-2019-11831 · Jenkins · Jenkins Crx Content Package Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CRX Content Package Deployer Plugin versions 1.8.1 and earlier
Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

CVSS 8.8, AI score 8.5, EPSS 0.00836
Exploits 0, References 7
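The Libvirt Slaves entries (CVE-2019-10471, CVE-2019-10472) and the CRX Content Package Deployer entries (CVE-2019-10437, CVE-2019-10438) describe the same bug class: a "test connection" form-validation endpoint takes a host and a credentials ID from the caller, resolves the stored secret on the server, and sends it to that host, with neither a permission check nor protection against a cross-site request. The simulation below is added here and is not code from Jenkins or from either plugin; the store, permission model, request shape and handler names are stand-ins chosen for the example, and the credential is a constructed sample. It shows the vulnerable handler beside one with the two checks the advisories imply.

```python
"""The "test connection" credential-capture pattern behind the Jenkins entries.

Added simulation, not code from Jenkins or from the Libvirt Slaves or CRX
Content Package Deployer plugins. CREDENTIALS, Request, FakeServer and the two
handlers are stand-ins for this example; the credential is a constructed sample.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Constructed sample credential store (stand-in for the Jenkins credentials store).
CREDENTIALS: Dict[str, Dict[str, str]] = {
    "prod-ssh": {"username": "deploy", "password": "s3cr3t-prod"},
}


@dataclass
class Request:
    user: str
    permissions: set            # e.g. {"Overall/Read"} or {"Overall/Administer"}
    method: str                 # "GET" or "POST"
    crumb_valid: bool           # Jenkins' CSRF token ("crumb") present and valid
    host: str                   # attacker-specified host to "test"
    credentials_id: str         # attacker-specified credentialsId, learned elsewhere


@dataclass
class FakeServer:
    """Stand-in for the attacker-controlled server: it simply records what it receives."""
    captured: List[Dict[str, str]] = field(default_factory=list)


def connect(host: str, cred: Dict[str, str], servers: Dict[str, FakeServer]) -> str:
    """Stand-in for opening an SSH/HTTP session: the remote end learns the credential."""
    servers[host].captured.append(dict(cred))
    return "ok"


def do_test_connection_vulnerable(req: Request, servers: Dict[str, FakeServer]) -> str:
    # No permission check and no POST requirement: any Overall/Read user, or the
    # browser of a logged-in victim following an attacker's link, can name a
    # credentials ID and a host of the attacker's choosing.
    cred = CREDENTIALS[req.credentials_id]
    return connect(req.host, cred, servers)


def do_test_connection_fixed(req: Request, servers: Dict[str, FakeServer]) -> str:
    # 1. Require POST with a valid crumb, so a cross-site GET cannot trigger it.
    if req.method != "POST" or not req.crumb_valid:
        raise PermissionError("POST with a valid CSRF crumb required")
    # 2. Require a permission that already implies access to the secret
    #    (Administer here; Item/Configure on the owning item is the usual
    #    alternative), not mere Overall/Read.
    if "Overall/Administer" not in req.permissions:
        raise PermissionError("insufficient permission")
    cred = CREDENTIALS[req.credentials_id]
    return connect(req.host, cred, servers)


def run_scenario(handler: Callable[[Request, Dict[str, FakeServer]], str]) -> Optional[Dict[str, str]]:
    """A read-only user points the endpoint at a host they control; return what that host captured."""
    servers = {"attacker.example": FakeServer()}
    req = Request(user="reader", permissions={"Overall/Read"}, method="GET",
                  crumb_valid=False, host="attacker.example", credentials_id="prod-ssh")
    try:
        handler(req, servers)
    except PermissionError:
        pass
    captured = servers["attacker.example"].captured
    return captured[0] if captured else None


if __name__ == "__main__":
    print("vulnerable handler leaks:", run_scenario(do_test_connection_vulnerable))
    print("fixed handler leaks:     ", run_scenario(do_test_connection_fixed))
```

In Jenkins itself the two checks correspond to annotating the form-validation method with `@RequirePOST` and calling `checkPermission` with a permission stronger than Overall/Read (`Jenkins.ADMINISTER`, or `Item.CONFIGURE` on the item that owns the form); the exact patches the plugins shipped are not reproduced here. The "obtained through another method" wording in the advisories matters less than it sounds: credentials IDs are identifiers, not secrets, and are routinely visible in job configuration.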
Kaspersky
added 2019/10/15 12:00 a.m., 138 views

KLA11582 Multiple vulnerabilities in Oracle Java SE

Multiple vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities: 1. A vulnerability in Kerberos component can be exploited to bypass security restrictions; 2. A vulnerability in...

CVSS 9.8, AI score 7.4, EPSS 0.0523
Exploits 0, References 8