4774 matches found

OSV
added 2016/05/17 2:8 p.m. · 11 views

CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

CVSS 6.5 · AI score 5
Exploits: 0 · References: 6

NVD
added 2016/05/17 2:8 p.m. · 21 views

CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

CVSS 6.5 · AI score 6.7 · EPSS 0.02142
Exploits: 0 · References: 6

UbuntuCve
added 2016/05/17 2:8 p.m. · 32 views

CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

CVSS 6.5 · AI score 6.9 · EPSS 0.02142
Exploits: 0 · References: 2

Prion
added 2016/05/17 2:8 p.m. · 22 views

Code injection

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

CVSS 4 · AI score 6.6 · EPSS 0.02142
Exploits: 0 · References: 5 · Affected Software: 2

Positive Technologies
added 2016/05/17 12:0 a.m. · 4 views

PT-2016-5678 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.3 Jenkins LTS versions prior to 1.651.2 Description: The issue allows remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. This can be achieved by...

CVSS 6.5 · AI score 5.5 · EPSS 0.02142
Exploits: 0 · References: 16

Cvelist
added 2016/05/17 12:0 a.m. · 33 views

CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

AI score 6.5 · EPSS 0.02142
Exploits: 0 · References: 6

Vulnrichment
added 2016/05/17 12:0 a.m. · 28 views

CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

AI score 6.5 · EPSS 0.02142
Exploits: 0 · References: 6

OpenVAS
added 2016/05/10 12:0 a.m. · 79 views

GNU Bash Environment Variable Command Injection Vulnerability

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed through environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is...

CVSS 10 · AI score 10 · EPSS 0.99999
Exploits: 130 · References: 10

Debian CVE
added 2016/05/01 12:0 a.m. · 30 views

CVE-2015-8325

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVSS 7.8 · AI score 8 · EPSS 0.00627
Exploits: 0

Hacker One
added 2016/04/11 4:50 p.m. · 15 views

APITest.IO: beta version reveals paths, environment variables and partially files contents

Hi guys! You should disable error reporting on beta version. It reveals a lot of information and even files contents. How to reproduce: 1 Navigate to http://beta.apitest.io/newsletter, modify csrf-token "token" to any data. 2 input something to "email" and "name" fields. 3 submit the form. As resul...

AI score 1.4
Exploits: 0

OSV
added 2016/04/08 3:59 p.m. · 6 views

CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...

CVSS 7.5 · AI score 7.5
Exploits: 0 · References: 13

OSV
added 2016/04/08 3:59 p.m. · 1 view

DEBIAN-CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...

CVSS 7.5 · AI score 9.1 · EPSS 0.09007
Exploits: 0 · References: 1

Prion
added 2016/04/08 3:59 p.m. · 27 views

Design/Logic Flaw

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...

CVSS 5 · AI score 6.8 · EPSS 0.09007
Exploits: 0 · References: 13 · Affected Software: 10

CVE
added 2016/04/08 3:0 p.m. · 159 views

CVE-2016-2381

CVE-2016-2381 describes a Perl taint protection bypass in child processes caused by duplicate environment variables in envp. This context-dependent issue could allow an attacker to bypass taint checks, potentially enabling unintended behavior or exposure in vulnerable Perl workflows. Public refer...

CVSS 7.5 · AI score 7.3 · EPSS 0.09007
Exploits: 0 · References: 13 · Affected Software: 1

Debian CVE
added 2016/04/08 3:0 p.m. · 22 views

CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...

CVSS 7.5 · AI score 7.4 · EPSS 0.09007
Exploits: 0

FreeBSD
added 2016/04/08 12:0 a.m. · 36 views

perl5 -- taint mechanism bypass vulnerability

MITRE reports: Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...

CVSS 7.5 · AI score 4.5 · EPSS 0.09007
Exploits: 0

Tenable Nessus
added 2016/03/14 12:0 a.m. · 29 views

Fedora 22 : perl-5.20.3-329.fc22 (2016-1fb63e3bf3)

Fix manipulating environment variables to align with how glibc handles duplicated environment variables. Perl now uses the first variable listed in the environment array and it removes any subsequent entries of the same-named variable from the array, so that child processes have only one variable...

CVSS 7.5 · AI score 7 · EPSS 0.09007
Exploits: 0 · References: 3

CNVD
added 2016/03/07 12:0 a.m. · 9 views

Exim Configuration File Path Elevation of Privilege Vulnerability

Exim is an open source messaging agent MTA developed by the University of Cambridge in the UK that runs on Unix systems and is responsible for routing, forwarding and delivering mail. A security vulnerability exists in Exim that stems from an error in the program's handling of environment variabl...

CVSS 7 · AI score 7.6 · EPSS 0.05901
Exploits: 13 · References: 1

Tenable Nessus
added 2016/03/04 12:0 a.m. · 30 views

Fedora 23 : perl-5.22.1-351.fc23 (2016-5d4fc5ecc9)

Fix manipulating environment variables to align with how glibc handles duplicated environment variables. Perl now uses the first variable listed in the environment array and it removes any subsequent entries of the same-named variable from the array, so that child processes have only one variable...

CVSS 7.5 · AI score 7 · EPSS 0.09007
Exploits: 0 · References: 3

exploitpack
added 2016/03/03 12:0 a.m. · 866 views

DropBearSSHD 2015.71 - Command Injection

DropBearSSHD 2015.71 - Command Injection VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear Vendor: Matt...

CVSS 5.5 · AI score 0.3 · EPSS 0.37016
Exploits: 13