Code injection
Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...
CVE-2017-1000388
The CVE-2017-1000388 entry concerns the Jenkins Dependency Graph Viewer plugin (version 0.12 and earlier). The root cause is missing permission checks on the API endpoint that modifies the dependency graph, allowing any user with Overall/Read permission to modify the data. This description is sup...
CVE-2017-1000388
Node.js third-party modules: [metascraper] Stored XSS in Open Graph meta properties read by metascraper
Hi Guys, metascraper is vulnerable to Stored XSS via Open Graph metadata, if they are used in HTML without any sanitization. Module: A library to easily scrape metadata from an article on the web using Open Graph metadata, regular HTML metadata, and a series of fallbacks...
CVE-2018-6193
A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl...
Cross site scripting
Electric Sheep Fencing pfSense 'graph' Parameter Command Execution Vulnerability
Electric Sheep Fencing pfSense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A security vulnerability exists in Electric Sheep Fencing pfSense versions prior to 2.3. A remote attacker can exploit this vulnerability by sending the 'graph' paramet...
CVE-2016-10709
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php...
MacOS process_policy stack leak through uninitialized field(CVE-2017-7154)
The syscall process_policy(scope=PROC_POLICY_SCOPE_PROCESS, action=PROC_POLICY_ACTION_GET, policy=PROC_POLICY_RESOURCE_USAGE, policy_subtype=PROC_POLICY_RUSAGE_CPU, attrp=, target_pid=0, target_threadid=) causes 4 bytes of uninitialized kernel stack memory to be written to userspace. The call graph looks as follow...
macOS - process_policy Stack Leak Through Uninitialized Field Exploit
Exploit for macOS platform in category dos / poc / The syscall process_policy(scope=PROC_POLICY_SCOPE_PROCESS, action=PROC_POLICY_ACTION_GET, policy=PROC_POLICY_RESOURCE_USAGE, policy_subtype=PROC_POLICY_RUSAGE_CPU, attrp=, target_pid=0, target_threadid=) causes 4 bytes of uninitialized kernel stack memory to be...
FLARE IDA Pro Script Series: Simplifying Graphs in IDA
Introduction We’re proud to release a new plug-in for IDA Pro users – SimplifyGraph – to help automate the creation of groups of nodes in IDA’s disassembly graph view. Code and binaries are available from the FireEye GitHub repo. Prior to this release we submitted it in the 2017 Hex-Rays plugin...
WordPress Content Cards Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation; it supports setting up a personal blog site on a server running PHP and MySQL. Content Cards is a plugin for embedding website links. A cross-site scripting vulnerability exists i...
CVE-2017-17096
Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data...
PT-2017-13869 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman affected versions not specified Description: The issue allows an attacker to perform a stored XSS attack by submitting facts containing HTML to the Foreman server. This can lead to exploitation on certain pages, including the Facts pa...
Apache Struts 'TextParseUtil.translateVariables()' Remote Code Execution Vulnerability
Apache Struts is an open source project maintained by the Apache Software Foundation (United States); it is an open source MVC framework for creating enterprise-class Java web applications, and is offered in two main versions, Struts 1 and Struts 2...
CVE-2017-16000
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php...
Sql injection