CVE-2018-1999030

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known...

CVE-2018-1999040

An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins...

CVE-2018-1999030

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known...

CVE-2018-1999027

The CVE-2018-1999027 entry concerns a sensitive-information disclosure in the Jenkins SaltStack Plugin (versions 3.1.6 and earlier) through SaltAPIBuilder.java and SaltAPIStep.java, allowing an attacker to capture credentials stored in Jenkins via a known credentials ID. Technical root cause incl...

CVE-2018-1999028

CVE-2018-1999028 affects Jenkins CloudBees Accurev Plugin (0.7.16 and earlier) via AccurevSCM.java, where a flaw allows capturing credentials stored in Jenkins using a known credential ID. Technical details in connected records confirm the vulnerability, its impact on credentials, and that remedi...

CVE-2018-1999027

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins...

Plex Media Server -- Information Disclosure Vulnerability

Chris reports: The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same LAN can use this vulnerability to: Access arbitrary files from the filesystem with the same permission as the...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

Logic design flaws in Guangzhou reference app

Guangzhou Reference APP is a new media brand created by Guangzhou Daily Newspaper Group, which is an information platform. There is a logical design vulnerability in Guangzhou Reference APP. An attacker can reset any password and perform unauthorized operations by grabbing packets and blasting...

Cross site scripting

JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie...

CVE-2018-12429

JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie...

pdns buffer error vulnerability

pdns is a cross-platform open source DNS service component . A buffer overflow vulnerability exists in pdns versions prior to 4.1.2. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service crash with the help of a specially crafted PCAP file...

Aircrack-ng 1.3 - Complete Suite Of Tools To Assess WiFi Network Security

Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...

Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Summary Multiple vulnerabilities in Apache HTTPD can cause denial of service and allow a remote attacker to bypass security restrictions and obtain sensitive information in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On. A Vulnerability in the Memcached library used by the IBM...

Cross site request forgery (csrf)

Multiple Cross Site Request Forgery CSRF vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login...

CVE-2018-13793

Multiple Cross Site Request Forgery CSRF vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login...

CVE-2018-13793

Multiple Cross Site Request Forgery CSRF vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login...

CVE-2018-13793

Multiple Cross Site Request Forgery CSRF vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login...