Lucene search
4651 matches found

NVD • added 2022/06/15 6:15 p.m. • 9 views

CVE-2022-20736

A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This...

CVSS 5.3 | EPSS 0.00446 | Exploits 0 | References 1

Cisco • added 2022/06/15 4:00 p.m. • 25 views

Cisco AppDynamics Controller Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This...

CVSS 5.3 | AI score 5.3 | EPSS 0.00446 | Exploits 0 | References 1

OpenVAS • added 2022/06/14 12:00 a.m. • 18 views

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2022-1828)

The remote host is missing an update for the Huawei EulerOS...

CVSS 3.3 | AI score 4.3 | EPSS 0.00024 | Exploits 0 | References 2

Tenable Nessus • added 2022/06/13 12:00 a.m. • 27 views

EulerOS 2.0 SP10 : grub2 (EulerOS-SA-2022-1828)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non-privileged...

CVSS 3.3 | AI score 5.5 | EPSS 0.00024 | Exploits 0 | References 2

CNVD • added 2022/06/06 12:00 a.m. • 22 views

TOTOLINK EX1200T Information Disclosure Vulnerability

TOTOLINK EX1200T is a Wi-Fi range extender from China-based Gion Electronics TOTOLINK. TOTOLINK EX1200T suffers from an information disclosure vulnerability, which can be exploited by attackers to obtain the apmib configuration file without authorization, and the username and password can be found...

CVSS 7.5 | AI score 2.9 | EPSS 0.00721 | Exploits 1 | References 1

Kitploit • added 2022/06/03 12:30 p.m. • 22 views

Atomic-Operator - A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments

This Python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments. What's new? Why? atomic-operator enables security professionals to test their detection and defensive capabilities against prescribed techniques defined within atomic-red-team. By...

AI score 8 | Exploits 0 | References 17

CVE • added 2022/06/03 11:13 a.m. • 68 views

CVE-2021-42886

CVE-2021-42886 applies to TOTOLINK EX1200T, version V4.1.2cu.5215, describing an information-disclosure vulnerability. An unauthenticated attacker can access the attacker-controlled apmib configuration file and retrieve usernames and passwords from the decoded contents. The description indicates ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00721 | Exploits 1 | References 1 | Affected Software 1

Veracode • added 2022/06/02 11:36 p.m. • 79 views

Privilege Escalation

grub2 is vulnerable to privilege escalation. A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can...

CVSS 3.3 | AI score 4 | EPSS 0.00024 | Exploits 0 | References 9 | Affected Software 1

NVD • added 2022/05/27 12:15 a.m. • 8 views

CVE-2022-30701

An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the...

CVSS 7.8 | EPSS 0.0007 | Exploits 0 | References 2

Prion • added 2022/05/27 12:15 a.m. • 13 views

Path traversal

An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the...

CVSS 7.2 | AI score 7.6 | EPSS 0.0007 | Exploits 0 | References 2 | Affected Software 1

Github Security Blog • added 2022/05/24 10:00 p.m. • 23 views

Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

CVSS 5.5 | AI score 6.5 | EPSS 0.00011 | Exploits 0 | References 4 | Affected Software 1

Github Security Blog • added 2022/05/24 5:48 p.m. • 38 views

Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate configuration file IDs. An enumeration of configuration file IDs in Jenkins Config File Provider Plugin 3.7.1 require...

CVSS 4.3 | AI score 5.2 | EPSS 0.00118 | Exploits 0 | References 5 | Affected Software 1

OSV • added 2022/05/24 5:45 p.m. • 17 views

GHSA-79R5-RHRW-7PVH Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin

Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file hudson.plugins.jabber.im.transport.JabberPublisher.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00047 | Exploits 0 | References 5

Github Security Blog • added 2022/05/24 5:45 p.m. • 22 views

Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin

Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file hudson.plugins.jabber.im.transport.JabberPublisher.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the...

CVSS 6.5 | AI score 6.2 | EPSS 0.00047 | Exploits 0 | References 5 | Affected Software 1

OSV • added 2022/05/24 5:39 p.m. • 27 views

GHSA-QVJR-X8FW-HGHV Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file de.tracetronic.jenkins.plugins.ecutest.report.atx.installation.ATXInstallation.xml on the Jenkins controller as part of its configuration. These credentials can be viewed by user...

CVSS 5.5 | AI score 5.6 | EPSS 0.00011 | Exploits 0 | References 3

Github Security Blog • added 2022/05/24 5:39 p.m. • 23 views

Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file com.agiletestware.bumblebee.BumblebeeGlobalConfig.xml on the Jenkins controller as part of its configuration. These credentials can be viewed by users with access to the Jenkins...

CVSS 5.5 | AI score 5.4 | EPSS 0.00011 | Exploits 0 | References 4 | Affected Software 1

Github Security Blog • added 2022/05/24 5:33 p.m. • 23 views

Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin

Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVSS 6.5 | AI score 6.3 | EPSS 0.00047 | Exploits 0 | References 3 | Affected Software 1

Github Security Blog • added 2022/05/24 5:33 p.m. • 27 views

Password stored in plain text by Jenkins AppSpider Plugin

AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file com.rapid7.jenkinspider.PostBuildScan.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file system. AppSpider...

CVSS 5.5 | AI score 5.5 | EPSS 0.00011 | Exploits 0 | References 3 | Affected Software 1

Github Security Blog • added 2022/05/24 5:30 p.m. • 18 views

Access token stored in plain text by Jenkins SMS Notification Plugin

Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file com.hoiio.jenkins.plugin.SMSNotification.xml on the Jenkins controller as part of its configuration. This access token can be viewed by users with access to the Jenkins controller...

CVSS 3.3 | AI score 4.6 | EPSS 0.0001 | Exploits 0 | References 4 | Affected Software 1

OSV • added 2022/05/24 5:30 p.m. • 15 views

GHSA-VWFV-QPW8-83C7 Access token stored in plain text by Jenkins SMS Notification Plugin

Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file com.hoiio.jenkins.plugin.SMSNotification.xml on the Jenkins controller as part of its configuration. This access token can be viewed by users with access to the Jenkins controller...

CVSS 3.3 | AI score 3.7 | EPSS 0.0001 | Exploits 0 | References 4