545 matches found

OSV, added 2020/07/02 3:15 p.m., 9 views

CVE-2020-2208

Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 4.3, AI score 6.7
Exploits 0, References 2
Cvelist, added 2020/07/02 2:55 p.m., 31 views

CVE-2020-2209

Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

AI score 4.6, EPSS 0.00691
Exploits 0, References 2
RedHat Linux, added 2020/05/11 8:34 p.m., 2 views

mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...

CVSS 7.5, AI score 7.4, EPSS 0.04425
Exploits 0, References 4
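The entry above describes a locale prefix that is taken from a request parameter and spliced into a file path. The following is an added example of how such a lookup can be contained; it is not Mojarra's code and does not reproduce the project's actual fix. It assumes a handler that builds `<root>/<loc>/<resource name>`, and the root directory, locale strings and resource names are constructed for the demonstration.

```python
"""Contain a resource lookup that takes a user-supplied locale prefix.

Added example, not Mojarra code. Assumption: the resource handler builds a
path as <root>/<loc>/<resource name>, so both parts are validated before
anything is opened.
"""
import os
import re
from pathlib import Path

# Locale prefixes look like "en", "pt_BR", "zh_Hant_TW": letters, digits,
# underscores. An allowlist rejects ".." and "/" without enumerating them.
LOCALE_RE = re.compile(r"[a-z]{2,3}(?:_[A-Za-z0-9]{2,8})*")


class ResourceAccessError(ValueError):
    pass


def resolve_resource(root, loc, name):
    """Return the absolute path of <root>/<loc>/<name>, refusing anything that
    leaves <root> (".." segments, absolute names, symlinks pointing outside)."""
    base = Path(root).resolve()
    if loc is not None and not LOCALE_RE.fullmatch(loc):
        raise ResourceAccessError(f"invalid locale prefix: {loc!r}")
    if Path(name).is_absolute():
        raise ResourceAccessError("absolute resource names are not allowed")
    candidate = base / loc / name if loc else base / name
    # resolve() normalises ".." and follows symlinks, so the containment check
    # below is made on the path the OS would actually open.
    resolved = candidate.resolve()
    if os.path.commonpath([str(base), str(resolved)]) != str(base):
        raise ResourceAccessError(f"resource escapes root: {name!r}")
    return resolved


def try_resolve(root, loc, name):
    """Demonstration helper: True if the lookup is allowed, False if refused."""
    try:
        resolve_resource(root, loc, name)
        return True
    except ResourceAccessError:
        return False


if __name__ == "__main__":
    root = "/srv/app/resources"   # assumed layout; need not exist for this demo
    for loc, name in [("pt_BR", "css/style.css"),
                      ("../../WEB-INF", "web.xml"),
                      ("en", "../../WEB-INF/web.xml"),
                      (None, "/etc/passwd")]:
        verdict = "allowed" if try_resolve(root, loc, name) else "refused"
        print(f"loc={loc!r} name={name!r} -> {verdict}")
```

The allowlist on `loc` is the primary control; the post-resolution containment check is defence in depth that also catches traversal smuggled through the resource name. Percent-decoding is assumed to have happened before this point, as it would in a servlet container.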
Malwarebytes, added 2020/05/06 3:59 p.m., 47 views

New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app

This blog post was authored by Hossein Jazi, Thomas Reed and Jérôme Segura. We recently identified what we believe is a new variant of the Dacls Remote Access Trojan (RAT) associated with North Korea's Lazarus group, designed specifically for the Mac operating system. Dacls is a RAT that was...

AI score 7.2
Exploits 0
Metasploit, added 2020/04/22 2:48 p.m., 46 views

Linux Gather HexChat/XChat Enumeration

This module will collect HexChat and XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will...

AI score 6.8
Exploits 0
NVD, added 2020/04/16 7:15 p.m., 20 views

CVE-2020-2177

Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 4.3, AI score 4.6, EPSS 0.00501
Exploits 0, References 2
NVD, added 2020/04/08 8:15 p.m., 15 views

CVE-2020-1624

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1...

CVSS 5.5, AI score 5.4, EPSS 0.00302
Exploits 0, References 1
Prion, added 2020/03/09 4:15 p.m., 12 views

Design/Logic Flaw

An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of createUserdataConf in...

CVSS 3.6, AI score 6, EPSS 0.00322
Exploits 0, References 3, Affected Software 1
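The Froxlor entry above is the classic static-name-in-/tmp weakness: a local user who can guess the file name plants a symlink there first, and the installer's write either follows it onto a file of the attacker's choosing or drops the config where the attacker can read it. The script below is an added example, not Froxlor's code, that reproduces the pattern against a private temporary directory standing in for /tmp and contrasts it with two safer patterns. File names, contents and the "userdata.conf" name are constructed for the demonstration.

```python
"""Static file names in a shared /tmp: the weakness and two safer patterns.

Added example, not Froxlor code. A private temporary directory stands in for
/tmp so the script is safe to run; names and contents are constructed.
"""
import os
import shutil
import tempfile


def insecure_write(path, data):
    # The pattern the advisory describes: a fixed, predictable name is opened
    # for writing. If a local attacker pre-created a symlink there, the write
    # follows it, so the attacker's chosen target is overwritten (DoS) or the
    # config lands in a file the attacker can read (disclosure).
    with open(path, "w") as f:
        f.write(data)


def exclusive_write(path, data):
    # O_CREAT|O_EXCL fails if anything already exists at the path, a symlink
    # included, so a planted link is refused instead of followed. O_NOFOLLOW
    # and mode 0600 narrow the window further on platforms that have them.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def unpredictable_write(directory, prefix, data):
    # The usual fix: let mkstemp pick an unguessable name, created with O_EXCL
    # and mode 0600, so there is nothing for an attacker to pre-create.
    fd, path = tempfile.mkstemp(dir=directory, prefix=prefix)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def demo():
    """Returns (victim content after the insecure write, whether the exclusive
    write was refused, permission bits of the mkstemp file)."""
    tmp = tempfile.mkdtemp()             # stand-in for the shared /tmp
    try:
        victim = os.path.join(tmp, "victim.txt")
        with open(victim, "w") as f:
            f.write("original")
        planted = os.path.join(tmp, "userdata.conf")   # the static name
        os.symlink(victim, planted)                   # attacker's symlink

        insecure_write(planted, "attacker-controlled")
        with open(victim) as f:
            clobbered = f.read()

        try:
            exclusive_write(planted, "config")
            refused = False
        except FileExistsError:
            refused = True

        safe_path = unpredictable_write(tmp, "userdata-", "config")
        mode = oct(os.stat(safe_path).st_mode & 0o777)
        return clobbered, refused, mode
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    print(demo())   # ('attacker-controlled', True, '0o600')
```

`exclusive_write` only refuses the attack; `unpredictable_write` removes the precondition, which is why mkstemp (or writing into a freshly created, mode-0700 directory) is the fix normally applied to this class of bug.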
Kitploit, added 2020/02/29 8:40 p.m., 135 views

Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...

This tool searches for SSRF using predefined settings in different parts of a request: path, host, headers, POST and GET parameters. First step: rename example.app-settings.conf to app-settings.conf and adjust the settings. The most important setting is the callback URL. I recommend using Burp...

AI score 7.1
Exploits 0, References 1
OSV, added 2020/02/26 10:15 p.m., 4 views

CVE-2019-18238

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account...

CVSS 7.5, AI score 7.1, EPSS 0.00493
Exploits 0, References 1
Cvelist, added 2020/02/12 2:35 p.m., 20 views

CVE-2020-2133

Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

AI score 6.5, EPSS 0.00852
Exploits 0, References 2
Cvelist, added 2020/02/12 2:35 p.m., 26 views

CVE-2020-2132

Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

AI score 6.5, EPSS 0.00852
Exploits 0, References 2
OSV, added 2020/02/04 6:32 p.m., 1 view

USN-4265-2 spamassassin vulnerabilities

USN-4265-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a...

CVSS 9.3, AI score 6.9, EPSS 0.07053
Exploits 0, References 3
NVD, added 2020/01/29 4:15 p.m., 22 views

CVE-2020-2107

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 4.3, AI score 4.5, EPSS 0.00647
Exploits 0, References 2
Prion, added 2020/01/29 4:15 p.m., 20 views

Design/Logic Flaw

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 4, AI score 4.9, EPSS 0.00647
Exploits 0, References 2, Affected Software 1
Cvelist, added 2020/01/29 3:15 p.m., 27 views

CVE-2020-2107

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

AI score 4.9, EPSS 0.00647
Exploits 0, References 2
OSV, added 2019/12/23 6:15 p.m., 4 views

CVE-2019-6679

On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users wi...

CVSS 3.3, AI score 5.8, EPSS 0.00308
Exploits 0, References 1
CVE, added 2019/12/23 6:4 p.m., 86 views

CVE-2019-3467

CVE-2019-3467 affects Debian-LAN-related components used with Debian Edu: Debian-edu-config versions earlier than 2.11.10 and debian-lan-config earlier than 0.26 were configured with overly permissive ACLs on the Kerberos admin server. This misconfiguration allowed password changes for other Kerb...

CVSS 7.8, AI score 7.3, EPSS 0.00503
Exploits 1, References 10, Affected Software 2
OSV, added 2019/12/17 3:15 p.m., 18 views

CVE-2019-16557

Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5, AI score 7.3
Exploits 0, References 2
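Eight of the entries on this page (CVE-2020-2208, CVE-2020-2209, CVE-2020-2177, CVE-2020-2133, CVE-2020-2132, CVE-2020-2107 and CVE-2019-16557) share one weakness: a plugin writes a password or token into the job's config.xml as plain text instead of through Jenkins' `Secret` type, so anyone with Extended Read on the job (which exposes config.xml through the UI and REST API) or read access to `$JENKINS_HOME` on the controller gets the credential. The scanner below is an added example for auditing a Jenkins home for that condition; it is not code from Jenkins or from any of the plugins named. It assumes that values stored through `hudson.util.Secret` appear in config.xml as base64 wrapped in braces (e.g. `{AQAAABAAAAAQ...}`), so any secret-looking element holding anything else is reported; the sample config.xml, plugin class names and values are constructed for the demonstration.

```python
"""Flag secrets stored unencrypted in Jenkins job config.xml files.

Added example for the Jenkins plugin advisories on this page; not code from
Jenkins or from any of those plugins. Assumption: values a plugin stores
through hudson.util.Secret appear in config.xml as base64 wrapped in braces
(e.g. {AQAAABAAAAAQ...}); a secret-looking element holding anything else is
a candidate for the weakness these CVEs describe.
"""
import re
import sys
import xml.etree.ElementTree as ET

# Element names that usually carry a credential. "credentialsId" and other
# *Id elements only reference the credentials store, so they are skipped.
SECRET_TAG = re.compile(r"(password|passwd|secret|token|apikey|api_key|credential)", re.I)
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")


def find_plaintext_secrets(xml_text):
    """Return [(element path, value)] for secret-looking elements whose text
    is not in the encrypted form assumed above."""
    root = ET.fromstring(xml_text)
    findings = []

    def walk(el, path):
        tag = el.tag.split("}")[-1]          # drop any XML namespace prefix
        here = f"{path}/{tag}"
        text = (el.text or "").strip()
        looks_secret = SECRET_TAG.search(tag) and not tag.lower().endswith("id")
        if looks_secret and text and not ENCRYPTED.match(text):
            findings.append((here, text))
        for child in el:
            walk(child, here)

    walk(root, "")
    return findings


def scan_files(paths):
    """Scan several config.xml files; returns {path: findings} for files with hits."""
    report = {}
    for p in paths:
        with open(p, "rb") as f:
            hits = find_plaintext_secrets(f.read())
        if hits:
            report[p] = hits
    return report


# Constructed sample, not a real job: one plugin stores its token in the clear,
# the other stores a proxy password in the (assumed) Secret-encrypted form.
SAMPLE_CONFIG = """<?xml version='1.0' encoding='UTF-8'?>
<project>
  <builders>
    <com.example.SlackUploader plugin="slack-uploader@1.7">
      <channel>#builds</channel>
      <token>xoxb-plain-text-token</token>
      <credentialsId>slack-bot</credentialsId>
    </com.example.SlackUploader>
    <com.example.FortifyUpload plugin="fortify@19.1.29">
      <proxyPassword>{AQAAABAAAAAQ7dGiuY0w3qQ0mJ2oMP0uYg==}</proxyPassword>
    </com.example.FortifyUpload>
  </builders>
</project>
"""

if __name__ == "__main__":
    # e.g. python scan_config.py $JENKINS_HOME/jobs/*/config.xml
    targets = sys.argv[1:]
    if targets:
        for path, hits in scan_files(targets).items():
            for where, value in hits:
                print(f"{path}: {where} = {value[:4]}...")   # do not echo the whole secret
    else:
        print(find_plaintext_secrets(SAMPLE_CONFIG))
```

Run it from the controller against `jobs/*/config.xml` (and `jobs/*/jobs/*/config.xml` for folders); a hit means the job needs the plugin upgraded and the credential rotated, since anyone who has held Extended Read on that job could already have read it. The element-name heuristic will miss a secret stored under an unusual name, so treat a clean run as a screen, not a guarantee.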
Kitploit, added 2019/12/13 11:30 a.m., 147 views

Exploitivator - Automate Metasploit Scanning And Exploitation

This has only been tested on Kali. It depends on the msfrpc module for Python, described in detail here: https://www.trustwave.com/Resources/SpiderLabs-Blog/Scripting-Metasploit-using-MSGRPC/ Install the necessary Kali packages and the PostgreSQL gem for Ruby: apt-get install postgresql libpq-dev...

AI score 7.4
Exploits 0, References 1