850 matches found

Prion
added 2020/11/04 3:15 p.m. · 10 views

Design/Logic Flaw

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4 CVSS · 6.4 AI score · 0.00047 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2020/11/04 2:35 p.m. · 61 views

CVE-2020-2318

CVE-2020-2318 affects the Jenkins Mail Commander Plugin for Jenkins-ci Plugin versions 1.0.0 and earlier. The root cause is that passwords are stored unencrypted in the job config.xml files on the Jenkins controller, allowing disclosure to users with Extended Read permission or with filesystem ac...

6.5 CVSS · 6.4 AI score · 0.00047 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/11/04 2:35 p.m. · 17 views

CVE-2020-2318

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.4 AI score · 0.00047 EPSS
Exploits 0 · References 1
Positive Technologies
added 2020/11/04 12:0 a.m. · 4 views

PT-2020-15552 · Jenkins Ci +1 · Jenkins Mail Commander Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mail Commander Plugin for Jenkins-ci Plugin version 1.0.0 and earlier Description: The issue concerns the storage of passwords in an unencrypted manner in job config.xml files on the Jenkins controller. These passwords can be accessed...

6.5 CVSS · 6.4 AI score · 0.00047 EPSS
Exploits 0 · References 7
CNVD
added 2020/10/23 12:0 a.m. · 4 views

Ghisler Total Commander Elevation of Privilege Vulnerability

Ghisler Total Commander is a file manager software from the American company Ghisler. The program offers file compression, management, ftp sharing and more. An elevation of privilege vulnerability exists in Ghisler Total Commander version 9.51, which stems from insufficient access restrictions in...

7.3 CVSS · 7.1 AI score · 0.00047 EPSS
Exploits 1 · References 1
NCSC
added 2020/10/22 12:0 a.m. · 5 views

Vulnerability in Ghisler Total Commander

There is a vulnerability in Ghisler Total Commander. The vulnerability allows a local malicious person to obtain elevated permissions by replacing the Total Commander binary. The developers of Total Commander have indicated that the vulnerability will not be fixed. According to...

7.3 CVSS · 6.5 AI score · 0.00047 EPSS
Exploits 1
NVD
added 2020/10/21 7:15 p.m. · 9 views

CVE-2020-17381

An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary...

7.3 CVSS · 0.00047 EPSS
Exploits 1 · References 2
OSV
added 2020/10/21 7:15 p.m. · 4 views

CVE-2020-17381

An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary...

7.3 CVSS · 7.1 AI score · 0.00047 EPSS
Exploits 1 · References 2
Prion
added 2020/10/21 7:15 p.m. · 16 views

Design/Logic Flaw

An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary...

4.4 CVSS · 7.1 AI score · 0.00047 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2020/10/21 12:0 a.m. · 13 views

CVE-2020-17381

An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary...

7.1 AI score · 0.00047 EPSS
Exploits 1 · References 2
Positive Technologies
added 2020/10/21 12:0 a.m. · 7 views

PT-2020-14933 · Ghisler · Total Commander

Name of the Vulnerable Software and Affected Versions: Ghisler Total Commander version 9.51 Description: An issue was discovered due to insufficient access restrictions in the default installation directory, allowing an attacker to elevate privileges by replacing the...

7.3 CVSS · 7.1 AI score · 0.00047 EPSS
Exploits 1 · References 3
CVE
added 2020/10/21 12:0 a.m. · 75 views

CVE-2020-17381

The CVE-2020-17381 entry concerns Ghisler Total Commander 9.51. The issue is a local privilege escalation caused by insufficient access restrictions in the default installation directory, enabling an attacker to replace the TOTALCMD64.EXE binary under %SYSTEMDRIVE% (Total Commander directory) to ...

7.3 CVSS · 7.1 AI score · 0.00047 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2020/09/11 9:13 p.m. · 8 views

GHSA-Q42C-RRP3-R3XM Malicious Package in commmander

All versions of commmander contain malicious code. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. Upon require the package attempts to start a cryptocurrency miner using coin-hive. Recommendation Remove the package from yo...

9.8 CVSS · 7.2 AI score
Exploits 0 · References 1
OSV
added 2020/09/02 3:48 p.m. · 12 views

GHSA-2HQF-QQMQ-PGPP Malicious Package in commander-js

All versions of commander-js are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads an arbitrary file and executes its contents as a post-install script. Recommendatio...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 1
Github Security Blog
added 2020/09/02 3:48 p.m. · 23 views

Malicious Package in commander-js

All versions of commander-js are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads an arbitrary file and executes its contents as a post-install script. Recommendatio...

3.3 AI score
Exploits 0 · References 2 · Affected Software 1
Github Security Blog
added 2020/09/01 7:5 p.m. · 21 views

Reflected Cross-Site Scripting in redis-commander

Affected versions of redis-commander contain a cross-site scripting vulnerability in the highlighterId parameter of the clipboard.swf component on hosts serving Redis Commander. Mitigating factors: Flash must be installed / enabled for this to work. The below proof of concept was verified to work...

0.4 AI score
Exploits 0 · References 5 · Affected Software 1
OSV
added 2020/09/01 7:5 p.m. · 8 views

GHSA-8C8C-4VFJ-RRPC Reflected Cross-Site Scripting in redis-commander

Affected versions of redis-commander contain a cross-site scripting vulnerability in the highlighterId parameter of the clipboard.swf component on hosts serving Redis Commander. Mitigating factors: Flash must be installed / enabled for this to work. The below proof of concept was verified to work...

6.4 AI score
Exploits 0 · References 5
0day.today
added 2019/12/14 12:0 a.m. · 249 views

FTP Commander Pro 8.03 - Local Stack Overflow Exploit

Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor: http://www.internet-soft.com/ Software Link:...

7.4 AI score
Exploits 0
Packet Storm
added 2019/12/13 12:0 a.m. · 188 views

FTP Commander Pro 8.03 Local Stack Overflow

Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Date: 2019-12-12 Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor: http://www.internet-soft.com/ Software Link:...

0.4 AI score
Exploits 0
exploitpack
added 2019/12/13 12:0 a.m. · 29 views

FTP Commander Pro 8.03 - Local Stack Overflow

FTP Commander Pro 8.03 - Local Stack Overflow Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Date: 2019-12-12 Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor:...

0.4 AI score
Exploits 0