91 matches found
CVE-2019-14931
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to t...
PT-2019-13873 · Mitsubishi · Me-Rtu
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Europe B.V. ME-RTU devices versions 2.02 and earlier INEA ME-RTU devices versions 3.0 and earlier Description: An unauthenticated remote OS Command Injection issue allows an attacker to execute arbitrary commands on the RT...
PT-2019-11848 · Jenkins · Jenkins Rundeck Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Rundeck Plugin affected versions not specified Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials. The plugin does not perform permission check...
PT-2019-11850 · Jenkins · Jenkins Oracle Cloud Infrastructure Compute Classic Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Oracle Cloud Infrastructure Compute Classic Plugin affected versions not specified Description: A cross-site request forgery issue exists, allowing attackers to connect to a specified URL using specified credentials. The plugin does n...
PT-2019-11731 · Jenkins +1 · Jenkins Electricflow Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier CloudBees CD Plugin affected versions not specified Description: A cross-site request forgery issue allows attackers to connect to a specified URL using specified credentials. This is due ...
CVE-2019-1003076
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
PT-2019-11366 · Jenkins · Jenkins Audit To Database Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin affected versions not specified Description: A cross-site request forgery issue exists in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method, allowing attackers to initiate a...
Authorization Bypass
Jenkins crowd2 plugin is vulnerable to authorization bypass. A lack of authorization check in CrowdSecurityRealm.java allows an attacker to perform a connection test to a malicious server...
CVE-2018-1000422
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings...
Quest KACE System Management Appliance Command Injection Vulnerability
The Quest KACE System Management Appliance provides comprehensive system management for all network-connected devices. A command injection vulnerability exists in the '/common/ajaxemailconnectiontest.php' script in Quest KACE System Management Appliance 8.0.318. An authenticated user can exploit...
MyConnection Server (MCS) 9.7i Cross Site Scripting
Author: 1N3 Website: http://treadstonesecurity.blogspot.ca Vender Website: http://www.visualware.com/ Affected Product: MyConnection Server Affected Version: 9.7i others may also be vulnerable ABOUT: MyConnection Server MCS delivers a broad range of support managed automated and user initiated...