849 matches found
Jenkins Snow Commander Plugin Cross-Site Request Forgery Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Snow Commander Plugin 2.0 and earlier versions contain a cross-site request forgery vulnerability that stems from a...
PT-2022-17132 · Jenkins · Jenkins Snow Commander Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Snow Commander Plugin versions 2.0 and earlier. Description: A cross-site request forgery (CSRF) issue allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs, potentially capturing...
The vulnerability of the Midnight Commander file manager, related to deficiencies in authentication procedures, allows attackers to compromise data integrity.
The vulnerability of the Midnight Commander file manager is related to the lack of checks and display of server timestamps. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...
CVE-2021-40813
A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames...
CVE-2021-40813
CVE-2021-40813 documents a cross-site scripting (XSS) vulnerability in the Zip Content feature of Element-IT HTTP Commander 3.1.9. The issue allows remote authenticated users to inject arbitrary web script or HTML via filenames. Affected software: Element-IT HTTP Commander 3.1.9; vulnerable compo...
HTTP Commander 3.1.9 - Stored Cross Site Scripting Vulnerability
Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS) | Exploit Author: Oscar Sandén | Vendor Homepage: https://www.element-it.com | Software Link: https://www.element-it.com/downloads.aspx | Version: 3.1.9 | Tested on: Windows Server 2016 | Description: There is a stored XSS in the 'Zip...
HTTP Commander 3.1.9 Cross Site Scripting
Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS) | Date: 07/01/2022 | Exploit Author: Oscar Sandén | Vendor Homepage: https://www.element-it.com | Software Link: https://www.element-it.com/downloads.aspx | Version: 3.1.9 | Tested on: Windows Server 2016 | Description: There is a stored XSS ...
HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS)
Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS) | Date: 07/01/2022 | Exploit Author: Oscar Sandén | Vendor Homepage: https://www.element-it.com | Software Link: https://www.element-it.com/downloads.aspx | Version: 3.1.9 | Tested on: Windows Server 2016 | Description: There is a stored XSS ...
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...
CVE-2021-36370
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...
AZL-6678 CVE-2021-36370 affecting package mc for versions less than 4.8.27-1
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...
DEBIAN-CVE-2021-36370
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...
UBUNTU-CVE-2021-36370
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...
Code injection
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...
CVE-2021-36370
CVE-2021-36370 affects Midnight Commander (mc) up to version 4.8.26, where the SFTP fingerprint of the server is neither checked nor displayed, preventing verification of server authenticity. Reported across multiple advisories (e.g., ALAS-2023-2147 for Amazon Linux 2 and openSUSE/SUSE advisories...