2348 matches found
CVE-2019-14286
In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability...
CVE-2019-14286
In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability...
Cross site scripting
In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability...
CVE-2019-14286
The CVE-2019-14286 entry documents a stored cross-site scripting (XSS) vulnerability in MISP 2.4.111, located in app/webroot/js/event-graph.js for the event-graph view. An attacker must craft a malicious MISP event to trigger the vulnerability when the event-graph view is toggled. The available c...
Orbit v2.0 - Blockchain Transactions Investigation Tool
Introduction Orbit is designed to explore network of a blockchain wallet by recursively crawling through transaction history. The data is rendered as a graph to reveal major sources, sinks and suspicious connections. Note: Orbit only runs on Python 3.2 and above. Usage Let's start by crawling...
O365-Attack-Toolkit - A Toolkit To Attack Office365
o365-attack-toolkit allows operators to perform an OAuth phishing attack and later on use the Microsoft Graph API to extract interesting information. Some of the implemented features are : Extraction of keyworded e-mails from Outlook. Creation of Outlook Rules. Extraction of files from...
CloudBees Jenkins Unauthorized Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Dependency Graph Viewer Plugin is used in...
Jenkins Dependency Graph View Plugin Cross-Site Scripting (CVE-2019-10349)
A Cross-Site Scripting vulnerability exists in Jenkins Dependency Graph View plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact:...
CloudBees Jenkins Dependency Graph Viewer plugin cross-site scripting vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Dependency Graph Viewer Plugin is used in...
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website:...
Jenkins Dependency Graph View 0.13 Cross Site Scripting
Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform:...
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform:...
CVE-2019-10349
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
CVE-2019-10349
The CVE-2019-10349 issue affects Jenkins Dependency Graph View Plugin (≤0.13). The root cause is a stored XSS vulnerability in the plugin’s Configure module where the Display Name field can be exploited to inject arbitrary HTML/JavaScript into plugin-provided Jenkins pages. Impact per sources is ...
CVE-2019-10349
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
PT-2019-11748 · Jenkins · Jenkins Dependency Graph Viewer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dependency Graph Viewer Plugin versions 0.13 and earlier Description: A stored cross site scripting issue allows attackers who can configure jobs in Jenkins to inject arbitrary HTML and JavaScript into the plugin-provided web pages in...
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access Exploit
/ Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access For constructors, Spidermonkey implements a "definite property analysis" 1 to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final...
Partner Perspectives: Maintaining Order in Chaotic Times
Erkang Zheng is the CISO of LifeOmic and the General Manager of JupiterOne. One of the key challenges facing growing cloud-native organizations is the ability to maintain your security and compliance posture despite your employees’ access to critical data from numerous locations and devices. This...
CVE-2019-5960
Cross-site request forgery CSRF vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...