PT-2020-15516 · Jenkins · Jenkins Role-Based Authorization Strategy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 3.0 and earlier Description: The issue arises from the improper invalidation of a permission cache when the configuration is changed, resulting in permissions being granted based on an...

Vulnerabilities fixed in Cisco Identity Services Engine

Cisco has fixed multiple vulnerabilities in Identity Services Engine ISE. The vulnerabilities allow a malicious person with limited administrator privileges be able to modify ISE configurations modify ISE configurations without having the required privileges or a Cross-Site Scripting XSS attack...

CVE-2020-12126

Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint...

macOS cfprefsd Arbitrary File Write Local Privilege Escalation

This module exploits an arbitrary file write in cfprefsd on macOS use exploit/osx/local/cfprefsdracecondition msf exploitcfprefsdracecondition show targets ...targets... msf exploitcfprefsdracecondition set TARGET msf exploitcfprefsdracecondition show options ...show and set options... msf...

Guangdong Century ICT Network Technology Co., Ltd. supervisory pass-supervision enterprise integrated business management system has unauthorized access vulnerability

Supervision through - supervision enterprise integrated business management system, is the Guangdong Century ICT Network Technology Co., Ltd. for the domestic engineering consulting enterprises engineering supervision, project management, cost, bidding agency, project construction informatization...

Juniper Networks Junos Elevation of Privilege Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in the Juniper Networks Junos OS configured with a dual Routing Engine RE, Virtual Chassis...

Bash Profile Persistence

This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback. This...

PT-2019-11742 · Jenkins · Jenkins Configuration As Code Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier Jenkins Configuration as Code Plugin versions 0.8-alpha through 1.0 Description: The issue concerns the logging of configuration changes by the Configuration as Code Plugin, where...

Redis Unauthenticated Code Execution Exploit

This Metasploit module can be used to leverage the extension functionality added by Redis 4.x and 5.x to execute arbitrary code. To transmit the given extension it makes use of the feature of Redis which called replication between master and slave. This module requires Metasploit:...

CVE-2019-1904

A vulnerability in the web-based UI web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacke...

CVE-2017-6157

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an...

Multiple Cross-Site Request Forgery Vulnerabilities in Jenkins

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Jenkin...

CVE-2016-7991

The CVE affects Samsung Galaxy S4 through S7 devices where the omacp app ignores security information embedded in OMACP messages. This allows remote unsolicited WAP Push SMS messages to be accepted, parsed, and acted upon, leading to unauthorized configuration changes. Root cause is the omacp han...

Unspecified Vulnerability in Blue Coat Systems Unified Agent

Blue Coat Systems Unified Agent is a unified agent client from Blue Coat Systems, USA. A security vulnerability exists in Blue Coat Systems Unified Agent versions prior to 4.6.2. Due to a failure to restrict modification of configuration files when the program is running in locally enforced mode....

Design/Logic Flaw

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report...

CVE-2014-0008

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report...

Cross-site request forgery vulnerability in FreeNAS

Overview FreeNAS contains a cross-site request forgery vulnerability. FreeNAS is a NAS Network Attached Storage server software. FreeNAS contains a cross-site request forgery vulnerability. Hiroyuki Shinshiba of LAC:Little eArth Corporation Co., LTD. reported this vulnerability to IPA. JPCERT/CC...

CVE-2007-6724

Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file config.txt or config that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration...

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability Description: BEA Plumtree portal is vulnerable to a internal hostname disclosure vulnerability. The internal hostname of the server hosting BEA Plumtree portal is always included at the bottom of every requested HTML page...

CentOS 3 / 4 : squirrelmail (CESA-2007:0022)

A new squirrelmail package that fixes security issues is now available for Red Hat Enterprise Linux 3 and 4. SquirrelMail is a standards-based webmail package written in PHP. Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript or HTML...