
Positive Technologies
added 2019/10/16 12:00 a.m. · 2 views

PT-2019-11837 · Jenkins · Jenkins Icescrum Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins iceScrum Plugin version 1.1.4 and earlier. Description: The issue allows credentials to be stored unencrypted in job config.xml files on the Jenkins master. These credentials could be viewed by users with Extended Read permissio...

CVSS 8.8 · AI score 8.4 · EPSS 0.00112
Exploits 0 · References 7
CNVD
added 2019/10/08 12:00 a.m. · 5 views

Anchor Information Disclosure Vulnerability

Anchor is an open source lightweight blogging system. The system supports a Markdown editor, custom fields, multiple languages and so on. An information disclosure vulnerability exists in the config/error.php file in Anchor version 0.12.3, which can be exploited to obtain database credentials with th...

CVSS 9.8 · AI score 6.4 · EPSS 0.90603
Exploits 4 · References 1
CNVD
added 2019/10/08 12:00 a.m. · 1 views

Unspecified Vulnerability in CloudBees Jenkins Gem Publisher Plugin

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Gem Publisher Plugin is used in which a Gem...

CVSS 5.5 · AI score 6.8 · EPSS 0.00011
Exploits 0 · References 1
OSV
added 2019/10/03 9:15 p.m. · 4 views

CVE-2019-15766

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

CVSS 8.8 · AI score 7.9 · EPSS 0.02289
Exploits 1 · References 2
Prion
added 2019/09/25 4:15 p.m. · 19 views

Design/Logic Flaw

Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

CVSS 4 · AI score 6.2 · EPSS 0.00047
Exploits 0 · References 2 · Affected Software 1
Tenable Nessus
added 2019/09/16 12:00 a.m. · 20 views

EulerOS 2.0 SP2 : texlive (EulerOS-SA-2019-1873)

According to the version of the texlive packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config...

CVSS 9.8 · AI score 8.4 · EPSS 0.1059
Exploits 1 · References 2
OSV
added 2019/09/15 10:15 p.m. · 1 views

CVE-2019-16332

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS...

CVSS 6.1 · AI score 6.4 · EPSS 0.22302
Exploits 2 · References 4
Tenable Nessus
added 2019/09/11 12:00 a.m. · 52 views

openSUSE Security Update : nodejs8 (openSUSE-2019-2115) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

This update for nodejs8 to version 8.16.1 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc1146091). -...

CVSS 7.8 · AI score 7.3 · EPSS 0.50822
Exploits 1 · References 17
Kitploit
added 2019/08/30 1:00 p.m. · 98 views

Hashcatch - Capture Handshakes Of Nearby WiFi Networks Automatically

Hashcatch deauthenticates clients connected to all nearby WiFi networks and tries to capture the handshakes. It can be used on any Linux device, including Raspberry Pi and Nethunter devices, so that you can capture handshakes while walking your dog. Written by @SivaneshAshok. PoC of hashcatch running...

AI score 6.8
Exploits 0 · References 1
OSV
added 2019/08/14 9:15 p.m. · 2 views

CVE-2019-1211

An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated attacker would ne...

CVSS 7.3 · AI score 7.3 · EPSS 0.00426
Exploits 0 · References 1
Kitploit
added 2019/08/14 1:00 p.m. · 112 views

Sampler - A Tool For Shell Commands Execution, Visualization And Alerting (Configured With A Simple YAML File)

Sampler is a tool for shell command execution, visualization and alerting, configured with a simple YAML file. Installation (macOS): brew cask install sampler, or curl -Lo /usr/local/bin/sampler https://github.com/sqshq/sampler/releases/download/v1.0.1/sampler-1.0.1-darwin-amd64 chmod +x...

AI score 7.8
Exploits 0 · References 3
CNVD
added 2019/08/07 12:00 a.m. · 4 views

Schben Adive Cross-Site Request Forgery Vulnerability

Schben Adive is a PHP-based web development framework. A cross-site request forgery vulnerability exists in the Internal/Views/config.php file in Schben Adive version 2.0.7, which stems from the web application not adequately validating whether a request is coming from a trusted user, and...

CVSS 8.8 · AI score 6.9 · EPSS 0.00393
Exploits 5 · References 1
RedHat Linux
added 2019/08/06 12:52 p.m. · 3 views

procps: Local privilege escalation in top

If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of...

CVSS 7.3 · AI score 7.3 · EPSS 0.00252
Exploits 5 · References 5
NVD
added 2019/08/05 5:15 p.m. · 14 views

CVE-2019-3800

CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the CLI config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

CVSS 7.8 · AI score 6.3 · EPSS 0.00279
Exploits 0 · References 2
OSV
added 2019/08/05 5:15 p.m. · 21 views

CVE-2019-3800

CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the CLI config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

CVSS 7.8 · AI score 6.5 · EPSS 0.00279
Exploits 0 · References 2
Prion
added 2019/08/05 5:15 p.m. · 20 views

Design/Logic Flaw

CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the CLI config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

CVSS 2.1 · AI score 7.4 · EPSS 0.00279
Exploits 0 · References 2 · Affected Software 46
Cvelist
added 2019/08/05 4:38 p.m. · 15 views

CVE-2019-3800 CF CLI writes the client id and secret to config file

CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the CLI config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

CVSS 6.3 · AI score 7.5 · EPSS 0.00279
Exploits 0 · References 2
Positive Technologies
added 2019/07/31 12:00 a.m. · 3 views

PT-2019-11762 · Jenkins · Jenkins Skytap Cloud Ci Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Skytap Cloud CI Plugin versions 2.06 and earlier. Description: The issue concerns the storage of credentials in unencrypted form in job config.xml files on the Jenkins master. This allows users with Extended Read permission or acces...

CVSS 6.5 · AI score 6.3 · EPSS 0.00167
Exploits 0 · References 8
BDU FSTEC
added 2019/07/18 12:00 a.m. · 0 views

A vulnerability in the SCALANCE X switch's firmware, related to incorrect formatting of stored data, allows an intruder to recover passwords.

The vulnerability in the SCALANCE X microcontroller's software is related to incorrect storage of user credentials. Exploiting this vulnerability could allow an intruder to retrieve passwords from the device; access to the device's configuration files is required...

CVSS 7.1 · AI score 5.5 · EPSS 0.00051
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2019/07/16 12:00 a.m. · 3 views

Unspecified Vulnerability in JetBrains IntelliJ IDEA Ultimate

JetBrains IntelliJ IDEA Ultimate is an integrated development environment for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA Ultimate that originates from the program logging server credentials in plaintext to the IDE configuration file. An attacker...

CVSS 8.1 · AI score 6.7 · EPSS 0.00002
Exploits 0 · References 1