237 matches found
CVE-2018-1000145
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them...
CVE-2018-1000142
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...
CVE-2018-1000143
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...
CVE-2018-5118
The screenshot images displayed in the Activity Stream page when a new tab is opened are created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...
Cross-domain high-risk vulnerability in WebView component for iOS platforms
WebView is an iOS control for displaying web pages, which is based on the Webkit engine and presents a web page. In addition to the properties and settings of a typical View, WebView controls can handle URL requests, page loading, rendering, and page interactions. The iOS platform WebView componen...
XXE
A security researcher found an XML External Entity XXE vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable...
CVE-2017-14101
A security researcher found an XML External Entity XXE vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable...
Sophos UTM 9 Management Application Local File Inclusion
Vulnerability Details Affected Vendor: Sophos Affected Product: UTM 9 Affected Version: 9.410 Platform: Embedded Linux CWE Classification: CWE-538: File and Directory Information Exposure, CWE-264: Permissions, Privileges, and Access Controls, CWE-532: Information Exposure Through Log Files...
Puppet `resource_type` Remote Code Execution Vulnerability
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited...
UBUNTU-CVE-2017-7794
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating system...
Mozilla: Sandbox escape allowing local file system read access (MFSA 2017-12)
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR 52.1 and Firefox 53...
CVE-2016-4271: Flash local file system sandbox bypass - vulnerability warning - the black bar safety net
2016 9 on 13 April, Adobe closed the local file system sandbox. After existing for twenty years, the local file system sandbox has finally been closed by Adobe, so almost every Flash file that uses this feature needs to be updated. We will specifically explain this change in...
transfer.sh - Easy and Fast File Sharing from the Command-line
Easy and fast file sharing from the command-line. This code contains the server with everything you need to create your own instance. Transfer.sh currently supports the s3 (Amazon S3) provider and the local file system (local). Usage Upload: $ curl --upload-file ./hello.txt https://transfer.sh/hello.txt...
Apache Ambari Unauthorized Access Vulnerability
Apache Ambari is a set of tools for configuring, managing and monitoring Apache Hadoop clusters from the Apache Software Foundation, USA. The tool supports visualization and analysis of job and task execution, support for system alerts, and more. A security vulnerability exists in Apache...
Microsoft Windows Media Center Information Disclosure Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. An information leakage vulnerability exists in Microsoft Windows Media Center, which originates from the program's failure to properly handle specially designed Media Center link .mcl files that referen...
Warning! Update Mozilla Firefox to Patch Critical File Stealing Vulnerability
Earlier this week, Mozilla Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and uploads them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in...
MGASA-2015-0205 Updated mailman packages fix security vulnerabilities
Updated mailman packages fix security vulnerability: A path traversal vulnerability was discovered in Mailman. Installations using a transport script such as postfix-to-mailman.py to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully...
Updated mailman packages fix security vulnerabilities
Updated mailman packages fix security vulnerability: A path traversal vulnerability was discovered in Mailman. Installations using a transport script such as postfix-to-mailman.py to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully...