40 matches found

NVD
added 2022/06/23 5:15 p.m. · 21 views

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

CVSS: 7.5 · EPSS: 0.01288
Exploits: 0 · References: 1

Positive Technologies
added 2022/06/22 12:0 a.m. · 2 views

PT-2022-22044 · Jenkins · Jenkins Pipeline: Input Step Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Input Step Plugin versions 448.v37cea9a10a70 and earlier. Description: The issue allows attackers who can configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specifi...

CVSS: 8.8 · AI score: 6.7 · EPSS: 0.01288
Exploits: 0 · References: 6

CNVD
added 2021/09/17 12:0 a.m. · 15 views

PublicCMS has an unspecified vulnerability

PublicCMS is an open source content management system CMS written in Java from PublicCMS, China. publicCMS v4.0 contains a security vulnerability that stems from a problem in the BAT file parameters. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS: 9.8 · AI score: 4.7 · EPSS: 0.01552
Exploits: 1 · References: 1

OSV
added 2021/09/15 10:15 p.m. · 2 views

CVE-2021-40881

An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.01552
Exploits: 1 · References: 1

NVD
added 2021/09/15 10:15 p.m. · 10 views

CVE-2021-40881

An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code...

CVSS: 9.8 · EPSS: 0.01552
Exploits: 1 · References: 1

CNNVD
added 2021/09/15 12:0 a.m. · 4 views

PublicCMS Security Vulnerability

PublicCMS is an open source content management system CMS written in Java from PublicCMS, China. publicCMS v4.0 contains a security vulnerability that stems from a problem in the BAT file parameters. An attacker can exploit this vulnerability to execute arbitrary code...

CVSS: 9.8 · AI score: 8.7 · EPSS: 0.01552
Exploits: 1 · References: 2

RedhatCVE
added 2021/08/22 1:30 p.m. · 50 views

CVE-2020-2162

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability...

CVSS: 5.4 · AI score: 2.1 · EPSS: 0.01159
Exploits: 0 · References: 4

OSV
added 2021/08/02 5:15 p.m. · 2 views

CVE-2021-22397

There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files lack verification when they are called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service...

CVSS: 6.7 · AI score: 6.6 · EPSS: 0.00173
Exploits: 0 · References: 1

IBM Security Bulletins
added 2021/06/25 4:46 p.m. · 13 views

Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by a security vulnerability (CVE-2016-0392)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to inject commands into setuid file parameters and execute commands as root. Vulnerability Details CVEID: CVE-2016-0392 DESCRIPTION: IBM General Parallel File...

CVSS: 8.4 · AI score: 8 · EPSS: 0.005
Exploits: 0 · Affected Software: 1

CNNVD
added 2021/02/17 12:0 a.m. · 4 views

Sourcecodester Seat-Reservation-System SQL Injection Vulnerability

Seat-Reservation-System is a seat reservation system. A sql injection vulnerability exists in Seat-Reservation-System 1.0. The vulnerability is caused due to the id and file parameters in the index.php file not being input/output filtered for special characters. An attacker can exploit this...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.01624
Exploits: 1 · References: 4

RedHat Linux
added 2020/06/17 8:23 p.m. · 0 views

jenkins: Content-Security-Policy headers for files uploaded leads to XSS

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability...

CVSS: 5.4 · AI score: 6 · EPSS: 0.01159
Exploits: 0 · References: 5

Cvelist
added 2020/03/25 4:5 p.m. · 20 views

CVE-2020-2162

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability...

AI score: 6.6 · EPSS: 0.01159
Exploits: 0 · References: 2

Veracode
added 2017/07/18 9:44 p.m. · 25 views

Arbitrary File Read

dompdf is vulnerable to arbitrary file read. A malicious user can bypass chroot protections with the PHP protocols and wrappers through the inputfile parameters...

CVSS: 6.8 · AI score: 8.7 · EPSS: 0.39374
Exploits: 6 · References: 7 · Affected Software: 2

CNVD
added 2017/05/09 12:0 a.m. · 1 views

ZZCMS V8.0 SQL Injection Vulnerability in Multiple Parameters

ZZCMS is an enterprise website builder. ZZCMS V8.0 suffers from a SQL injection vulnerability, which allows attackers to exploit the vulnerability to obtain sensitive information from the database. The injection parameters include the following: zs/zs.php file 'pxzs' function;...

AI score: 7.6
Exploits: 0

seebug.org
added 2016/07/13 12:0 a.m. · 14 views

Letter of financial built Station System info.php and other file parameters class SQL injection vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

myhack58
added 2014/12/29 12:0 a.m. · 28 views

JEECMS Arbitrary File Download Leads to Sensitive Information Disclosure

Should be JEECMS old version inurl:download. jspx? path= Arbitrary File Download download. jspx? fpath=WEB-INF/web. xml&filename=WEB-INF/web.xml Case 1 www.xxczj.gov.cn/download.jspx?fpath=WEB-INF/web.xml&filename=WEB-INF/web.xml ! tick. png Case 2...

AI score: 2.2
Exploits: 0

OpenVAS
added 2009/12/09 12:0 a.m. · 15 views

moziloCMS Multiple Cross Site Scripting Vulnerabilities

The host is running moziloCMS and is prone to Multiple Cross Site Scripting Vulnerabilities OpenVAS Vulnerability Test $Id: gbmoziloCMSmultxssvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ moziloCMS Multiple Cross Site Scripting Vulnerabilities Authors: Antu Sanadi Copyright: Copyright c 2009...

CVSS: 4.3 · AI score: 0.1 · EPSS: 0.01189
Exploits: 1 · References: 2

Packet Storm
added 2007/11/26 12:0 a.m. · 22 views

gwextranet-include.txt

GWextranet Multiple Vulnerabilites Vendor: Messaging Architects http://www.gwtools.com/en/gwextranet/eval/ http://www.example/gwextranet/scp.dll/sendto?user=calendar+of+events&mid=474020FA.GWEMAILDEPOT.SDEPO.100.167656B.1.1B00.1&template=.././../../boot.ini%00...

AI score: 7.4
Exploits: 0

seebug.org
added 2007/02/11 12:0 a.m. · 17 views

SAP 'enserver.exe' file downloader

No description provided by source. !/usr/bin/perl -w SAP 'enserver.exe' file downloader Tested on "SAP Web Application Server Java 6.40" eval DVD Found & coded by Nicob The downloaded file is limited to the first 32 kilobytes Usual port : TCP/3200+SYSNR Exemple : ./r3-stealer-1.0.pl 192.168.2.22...

AI score: 7.1
Exploits: 0

NVD
added 2004/11/23 5:0 a.m. · 10 views

CVE-2004-0303

OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd...

CVSS: 5 · AI score: 6.8 · EPSS: 0.03221
Exploits: 1 · References: 4