849 matches found

CNNVD
added 2022/02/15 12:0 a.m. · 3 views

Jenkins Snow Commander Plugin Cross-Site Request Forgery Vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Snow Commander Plugin 2.0 and earlier versions contain a cross-site request forgery vulnerability that stems from a...

8.8 CVSS · 5.5 AI score · 0.00644 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2022/02/15 12:0 a.m. · 2 views

PT-2022-17132 · Jenkins · Jenkins Snow Commander Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Snow Commander Plugin versions 2.0 and earlier
Description: A cross-site request forgery (CSRF) issue allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs, potentially capturing...

8.8 CVSS · 8.6 AI score · 0.00644 EPSS
Exploits: 0 · References: 5
BDU FSTEC
added 2022/01/17 12:0 a.m. · 5 views

The vulnerability of the Midnight Commander file manager, related to deficiencies in authentication procedures, allows attackers to compromise data integrity.

The vulnerability of the Midnight Commander file manager is related to the lack of checks and display of server timestamps. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

7.8 CVSS · 7.1 AI score · 0.02216 EPSS
Exploits: 1 · References: 12 · Affected Software: 4
NVD
added 2022/01/13 6:15 p.m. · 18 views

CVE-2021-40813

A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames...

5.4 CVSS · 0.00745 EPSS
Exploits: 1 · References: 2
Prion
added 2022/01/13 6:15 p.m. · 24 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames...

3.5 CVSS · 5 AI score · 0.00745 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2022/01/13 5:38 p.m. · 15 views

CVE-2021-40813

A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames...

5.2 AI score · 0.00745 EPSS
Exploits: 1 · References: 2
CVE
added 2022/01/13 5:38 p.m. · 55 views

CVE-2021-40813

CVE-2021-40813 documents a cross-site scripting (XSS) vulnerability in the Zip Content feature of Element-IT HTTP Commander 3.1.9. The issue allows remote authenticated users to inject arbitrary web script or HTML via filenames. Affected software: Element-IT HTTP Commander 3.1.9; vulnerable compo...

5.4 CVSS · 5 AI score · 0.00745 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
0day.today
added 2022/01/10 12:0 a.m. · 228 views

HTTP Commander 3.1.9 - Stored Cross Site Scripting Vulnerability

Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS)
Exploit Author: Oscar Sandén
Vendor Homepage: https://www.element-it.com
Software Link: https://www.element-it.com/downloads.aspx
Version: 3.1.9
Tested on: Windows Server 2016
Description: There is a stored XSS in the 'Zip...

7.4 AI score
Exploits: 0
Packet Storm
added 2022/01/10 12:0 a.m. · 211 views

HTTP Commander 3.1.9 Cross Site Scripting

Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS)
Date: 07/01/2022
Exploit Author: Oscar Sandén
Vendor Homepage: https://www.element-it.com
Software Link: https://www.element-it.com/downloads.aspx
Version: 3.1.9
Tested on: Windows Server 2016
Description: There is a stored XSS ...

7.4 AI score
Exploits: 0
Exploit DB
added 2022/01/10 12:0 a.m. · 292 views

HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS)

Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS)
Date: 07/01/2022
Exploit Author: Oscar Sandén
Vendor Homepage: https://www.element-it.com
Software Link: https://www.element-it.com/downloads.aspx
Version: 3.1.9
Tested on: Windows Server 2016
Description: There is a stored XSS ...

7.4 AI score
Exploits: 0
Microsoft CVE
added 2021/09/09 7:0 a.m. · 2 views

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection the fingerprint of the server is neither checked nor displayed. As a result a user connects to the server without the ability to verify its authenticity.

...

7.5 CVSS · 7 AI score · 0.02216 EPSS
Exploits: 1
OSV
added 2021/08/30 7:15 p.m. · 14 views

CVE-2021-36370

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

7.5 CVSS · 6.5 AI score · 0.02216 EPSS
Exploits: 1 · References: 6
NVD
added 2021/08/30 7:15 p.m. · 8 views

CVE-2021-36370

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

7.5 CVSS · 0.02216 EPSS
Exploits: 1 · References: 6
OSV
added 2021/08/30 7:15 p.m. · 7 views

AZL-6678 CVE-2021-36370 affecting package mc for versions less than 4.8.27-1

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

7.5 CVSS · 7.1 AI score · 0.02216 EPSS
Exploits: 1 · References: 1
OSV
added 2021/08/30 7:15 p.m. · 1 views

DEBIAN-CVE-2021-36370

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

7.5 CVSS · 7.3 AI score · 0.02216 EPSS
Exploits: 1 · References: 1
ATTACKERKB
added 2021/08/30 7:15 p.m. · 3 views

CVE-2021-36370

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

7.5 CVSS · 5.4 AI score · 0.02216 EPSS
Exploits: 1 · References: 7
OSV
added 2021/08/30 7:15 p.m. · 1 views

UBUNTU-CVE-2021-36370

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

7.5 CVSS · 7.1 AI score · 0.02216 EPSS
Exploits: 1 · References: 8
Prion
added 2021/08/30 7:15 p.m. · 20 views

Code injection

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

5 CVSS · 7.3 AI score · 0.02216 EPSS
Exploits: 1 · References: 6 · Affected Software: 1
Cvelist
added 2021/08/30 6:37 p.m. · 12 views

CVE-2021-36370

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

7.5 AI score · 0.02216 EPSS
Exploits: 1 · References: 6
CVE
added 2021/08/30 6:37 p.m. · 95 views

CVE-2021-36370

CVE-2021-36370 affects Midnight Commander (mc) up to version 4.8.26, where the SFTP fingerprint of the server is neither checked nor displayed, preventing verification of server authenticity. Reported across multiple advisories (e.g., ALAS-2023-2147 for Amazon Linux 2 and openSUSE/SUSE advisories...

7.5 CVSS · 7.2 AI score · 0.02216 EPSS
Exploits: 1 · References: 6 · Affected Software: 1