Lucene search
+L

33 matches found

Vulnrichment
Vulnrichment
added 2023/02/17 12:0 a.m.6 views

CVE-2021-34182

An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions...

7.7AI score0.00865EPSS
Exploits1References1
OSV
OSV
added 2022/05/17 12:33 a.m.14 views

GHSA-RF5Q-8GX3-XQFC Cross-Site Request Forgery in Jenkins Git Plugin

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenki...

7.5CVSS6.8AI score0.00769EPSS
Exploits0References3
Prion
Prion
added 2022/03/15 5:15 p.m.13 views

Cross site scripting

Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches and more' parameter, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

3.5CVSS5.2AI score0.00812EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/03/28 12:0 a.m.10 views

PT-2019-11333 · Jenkins · Jenkins Slack Notification Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Slack Notification Plugin versions 2.19 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs,...

7.5CVSS7.2AI score0.0146EPSS
Exploits0References9
Cvelist
Cvelist
added 2017/04/25 5:0 p.m.29 views

CVE-2017-8109

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions clients...

7.6AI score0.00434EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2015/07/06 12:0 a.m.59 views

Scientific Linux Security Update : mailman on SL7.x x86_64 (20150623)

-- It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. CVE-2015-2775 Previously, it was impossible to configure Mailman in a way that Domain-based Message...

7.6CVSS8AI score0.07964EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/09/16 12:16 a.m.4 views

Moderate: Red Hat Bug Fix Advisory: virt-who bug fix and enhancement update

Updated virt-who packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5. The virt-who package provides an agent that collects information about virtual guests present in the system and reports them to the subscription manager. The virt-who...

2.1CVSS5.7AI score0.00385EPSS
Exploits0References14
Metasploit
Metasploit
added 2013/12/15 3:0 a.m.30 views

Windows Escalate Service Permissions Local Privilege Escalation

This module attempts to exploit existing administrative privileges to obtain a SYSTEM session. If directly creating a service fails, this module will inspect existing services to look for insecure configuration, file or registry permissions that may be hijacked. It will then attempt to restart th...

6.9AI score
Exploits0
0day.today
0day.today
added 2012/10/15 12:0 a.m.22 views

Windows Escalate Service Permissions Local Privilege Escalation

Exploit for windows platform in category local exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2012/10/15 12:0 a.m.25 views

Windows Escalate Service Permissions Local Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/post/windows/services' require 'rex'...

0.4AI score
Exploits0
OSV
OSV
added 2012/08/06 4:55 p.m.9 views

CVE-2012-3866

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...

2.1CVSS5.4AI score0.00481EPSS
Exploits1References8
Exploit DB
Exploit DB
added 2003/09/09 12:0 a.m.27 views

RealOne Player for Linux 2.2 Alpha - Insecure Configuration File Permission Privilege Escalation

// source: https://www.securityfocus.com/bid/8571/info The configuration files for the RealOne Player are installed in the a hidden folder in a users home directory. The issue presents itself, because configuration files stored in this directory are installed with insecure permissions. This means...

7.4AI score
Exploits0
NVD
NVD
added 2001/08/02 4:0 a.m.14 views

CVE-2001-0620

iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server NAS LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions...

2.1CVSS6.8AI score0.00369EPSS
Exploits0References2
Rows per page
Query Builder