4774 matches found
CVE-2016-3721
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
Code injection
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
PT-2016-5678 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.3; Jenkins LTS versions prior to 1.651.2. Description: The issue allows remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. This can be achieved by...
GNU Bash Environment Variable Command Injection Vulnerability
On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed through environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is...
CVE-2015-8325
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...
APITest.IO: beta version reveals paths, environment variables and partially files contents
Hi guys! You should disable error reporting on the beta version. It reveals a lot of information and even file contents. How to reproduce: 1. Navigate to http://beta.apitest.io/newsletter, modify csrf-token "token" to any data. 2. Input something to "email" and "name" fields. 3. Submit the form. As resul...
CVE-2016-2381
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...
DEBIAN-CVE-2016-2381
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...
Design/Logic Flaw
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...
CVE-2016-2381
CVE-2016-2381 describes a Perl taint protection bypass in child processes caused by duplicate environment variables in envp. This context-dependent issue could allow an attacker to bypass taint checks, potentially enabling unintended behavior or exposure in vulnerable Perl workflows. Public refer...
perl5 -- taint mechanism bypass vulnerability
MITRE reports: Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp...
Fedora 22 : perl-5.20.3-329.fc22 (2016-1fb63e3bf3)
Fix manipulating environment variables to align with how glibc handles duplicated environment variables. Perl now uses the first variable listed in the environment array and it removes any subsequent entries of the same-named variable from the array, so that child processes have only one variable...
Exim Configuration File Path Elevation of Privilege Vulnerability
Exim is an open source mail transfer agent (MTA) developed by the University of Cambridge in the UK that runs on Unix systems and is responsible for routing, forwarding and delivering mail. A security vulnerability exists in Exim that stems from an error in the program's handling of environment variabl...
Fedora 23 : perl-5.22.1-351.fc23 (2016-5d4fc5ecc9)
Fix manipulating environment variables to align with how glibc handles duplicated environment variables. Perl now uses the first variable listed in the environment array and it removes any subsequent entries of the same-named variable from the array, so that child processes have only one variable...
DropBearSSHD 2015.71 - Command Injection
DropBearSSHD 2015.71 - Command Injection VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear Vendor: Matt...