Lucene search
K

91 matches found

Cvelist
Cvelist
added 2019/10/28 12:7 p.m.34 views

CVE-2019-14931

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to t...

10AI score0.5766EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2019/10/28 12:0 a.m.5 views

PT-2019-13873 · Mitsubishi · Me-Rtu

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Europe B.V. ME-RTU devices versions 2.02 and earlier INEA ME-RTU devices versions 3.0 and earlier Description: An unauthenticated remote OS Command Injection issue allows an attacker to execute arbitrary commands on the RT...

10CVSS8.9AI score0.5766EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2019/10/16 12:0 a.m.6 views

PT-2019-11848 · Jenkins · Jenkins Rundeck Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Rundeck Plugin affected versions not specified Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials. The plugin does not perform permission check...

4.3CVSS4.3AI score0.00665EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/10/16 12:0 a.m.6 views

PT-2019-11850 · Jenkins · Jenkins Oracle Cloud Infrastructure Compute Classic Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Oracle Cloud Infrastructure Compute Classic Plugin affected versions not specified Description: A cross-site request forgery issue exists, allowing attackers to connect to a specified URL using specified credentials. The plugin does n...

4.3CVSS4.2AI score0.00623EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.8 views

PT-2019-11731 · Jenkins +1 · Jenkins Electricflow Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier CloudBees CD Plugin affected versions not specified Description: A cross-site request forgery issue allows attackers to connect to a specified URL using specified credentials. This is due ...

4.3CVSS4.3AI score0.01058EPSS
Exploits0References8
OSV
OSV
added 2019/04/04 4:29 p.m.3 views

CVE-2019-1003076

A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01296EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.5 views

PT-2019-11366 · Jenkins · Jenkins Audit To Database Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin affected versions not specified Description: A cross-site request forgery issue exists in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method, allowing attackers to initiate a...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References5
Veracode
Veracode
added 2019/01/10 2:20 a.m.20 views

Authorization Bypass

Jenkins crowd2 plugin is vulnerable to authorization bypass. A lack of authorization check in CrowdSecurityRealm.java allows an attacker to perform a connection test to a malicious server...

6.5CVSS6.2AI score0.00769EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/01/09 11:29 p.m.3 views

CVE-2018-1000422

An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings...

6.5CVSS5.8AI score0.00769EPSS
Exploits0References2
CNVD
CNVD
added 2018/06/01 12:0 a.m.5 views

Quest KACE System Management Appliance Command Injection Vulnerability

The Quest KACE System Management Appliance provides comprehensive system management for all network-connected devices. A command injection vulnerability exists in the '/common/ajaxemailconnectiontest.php' script in Quest KACE System Management Appliance 8.0.318. An authenticated user can exploit...

9CVSS8AI score0.42917EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2014/07/21 12:0 a.m.33 views

MyConnection Server (MCS) 9.7i Cross Site Scripting

Author: 1N3 Website: http://treadstonesecurity.blogspot.ca Vender Website: http://www.visualware.com/ Affected Product: MyConnection Server Affected Version: 9.7i others may also be vulnerable ABOUT: MyConnection Server MCS delivers a broad range of support managed automated and user initiated...

0.1AI score
Exploits0
Rows per page
Query Builder