Lucene search
K

64 matches found

CNNVD
CNNVD
added 2023/06/14 12:0 a.m.6 views

Jenkins Plugin Sonargraph Integration 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.4CVSS5.6AI score0.00656EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.5 views

PT-2023-25164 · Jenkins · Jenkins Sonargraph Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sonargraph Integration Plugin versions 5.0.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the file path and the project name for the Log file field form validation are...

5.4CVSS5.9AI score0.00656EPSS
Exploits0References6
OSV
OSV
added 2023/05/03 1:0 p.m.2 views

UBUNTU-CVE-2023-31047

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However,...

9.8CVSS7.1AI score0.0138EPSS
Exploits0References5
OSV
OSV
added 2023/04/26 3:15 p.m.4 views

UBUNTU-CVE-2022-25277

Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference: SA-CORE-2019-010. However, the protections for these two vulnerabilities previously did...

7.2CVSS6.3AI score0.01422EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.4 views

SUSE CVE-2017-17052

The mminit function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the -exefile member of a new process's mmstruct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program...

7.8CVSS7.8AI score0.0037EPSS
Exploits0References4
CISA
CISA
added 2022/12/15 12:0 a.m.8 views

Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths

Drupal has released security updates to address vulnerabilities affecting H5P and the File Field Paths modules for Drupal 7.x. An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code. CISA encourages users and administrators to review Drupal’s...

3AI score
Exploits0References2
CNNVD
CNNVD
added 2022/03/22 12:0 a.m.4 views

WordPress Easy Social Icons plugin跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Easy Social Icons plugin prior to 3.2.1, which stems from the...

4.8CVSS5.5AI score0.00588EPSS
Exploits2References3
OSV
OSV
added 2021/07/07 2:15 p.m.5 views

CVE-2020-24147

Server-side request forgery SSR vulnerability in the WP Smart Import wp-smart-import plugin 1.0.0 for WordPress via the file field...

9.1CVSS5.8AI score0.01612EPSS
Exploits0References2
Prion
Prion
added 2021/07/07 2:15 p.m.18 views

Server side request forgery (ssrf)

Server-side request forgery SSR vulnerability in the WP Smart Import wp-smart-import plugin 1.0.0 for WordPress via the file field...

6.4CVSS9.2AI score0.01612EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/07/07 12:0 a.m.5 views

PT-2021-11018 · WordPress · Wp Smart Import

Name of the Vulnerable Software and Affected Versions: WP Smart Import plugin version 1.0.0 Description: A server-side request forgery SSRF issue exists in the WP Smart Import plugin for WordPress. This issue is related to the file field. Recommendations: For WP Smart Import plugin version 1.0.0,...

9.1CVSS9.1AI score0.01612EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/06/08 12:0 a.m.2 views

PT-2021-11214 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.6.0-rc1 Description: The issue arises when a FormField with square brackets in the field name is used, causing it to skip validation. Specifically, the FileField class, commonly used for file upload, can be...

5.3CVSS5.1AI score0.01341EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2020/07/02 12:0 a.m.8 views

PT-2020-15415 · Jenkins · Jenkins Sonargraph Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sonargraph Integration Plugin versions 3.0.0 and earlier Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the file path for the Log file field form validation. This can be...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2017/12/14 12:0 a.m.8 views

The vulnerability of the journal viewing tool of the Apache Storm distributed computing platform allows a hacker to read arbitrary files.

The vulnerability of the journal viewing tool in the Apache Storm distributed computing platform relates to deficiencies in path name restrictions for accessing the catalog. Exploiting this vulnerability allows a malicious actor to read arbitrary files using the “..” symbol as a parameter in the...

7.8CVSS5.6AI score0.0525EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/10/28 12:29 a.m.4 views

CVE-2017-15948

Perch Content Management System 3.0.3 allows unrestricted file upload with resultant XSS via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account...

4.8CVSS5.7AI score0.00589EPSS
Exploits3References1
NVD
NVD
added 2014/07/22 2:55 p.m.21 views

CVE-2014-5022

Cross-site scripting XSS vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field...

4.3CVSS5.4AI score0.00995EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2014/07/22 2:55 p.m.29 views

CVE-2014-5022

Cross-site scripting XSS vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field...

4.3CVSS6.5AI score0.00995EPSS
Exploits0References3
OSV
OSV
added 2014/07/22 2:55 p.m.7 views

UBUNTU-CVE-2014-5022

Cross-site scripting XSS vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field...

4.3CVSS6.5AI score0.00995EPSS
Exploits0References4
CVE
CVE
added 2014/07/22 2:0 p.m.120 views

CVE-2014-5020

The Drupal 7.x File module vulnerability CVE-2014-5020 allows remote authenticated users with certain permissions to bypass file-view restrictions and read files by attaching a file to content via a file field. Affected software: Drupal core (Drupal 7.x) prior to 7.29. Root cause: improper permis...

4.9CVSS5.7AI score0.01323EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2014/07/22 2:0 p.m.38 views

CVE-2014-5022

Removed by vendor...

4.3CVSS6.2AI score0.00995EPSS
Exploits0
Prion
Prion
added 2013/12/13 6:55 p.m.10 views

Format string

Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service crash or possibly execute arbitrary code via format string specifiers in the Remote File field...

5CVSS8.6AI score0.02878EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder