1313 matches found
PT-2022-19298 · D Link · Dir-882
Name of the Vulnerable Software and Affected Versions: D-Link DIR882 version DIR882A1 FW130B06 Description: A command injection issue exists in the /setnetworksettings/SubnetMask component, allowing attackers to escalate privileges to root by sending a crafted payload. Recommendations: For versio...
Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation and CSRF checks in various AJAX actions, and does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog options. PoC: POST /wp-admin/admin-ajax.php...
GitLab Information Disclosure Vulnerability
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community edition of GitLab. An information disclosure vulnerability exists in Gitlab Community Edition versions...
WordPress Content Mask plugin <= 1.8.4 - Arbitrary Options Update vulnerability
Arbitrary Options Update vulnerability discovered by ptsfence in WordPress Content Mask plugin versions <= 1.8.4. Solution: Update the WordPress Content Mask plugin to the latest available version, at least 1.8.4.1...
Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation and CSRF checks in various AJAX actions, and does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as a subscriber, could modify arbitrary blog options. POST /wp-admin/admin-ajax.php...
GSD-2022-1002349 af_netlink: Fix shift out of bounds in group mask calculation
af_netlink: Fix shift out of bounds in group mask calculation. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.238 by commit...
GSD-2022-1002075 af_netlink: Fix shift out of bounds in group mask calculation
af_netlink: Fix shift out of bounds in group mask calculation. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...
GSD-2022-1001827 af_netlink: Fix shift out of bounds in group mask calculation
af_netlink: Fix shift out of bounds in group mask calculation. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
GSD-2022-1001511 af_netlink: Fix shift out of bounds in group mask calculation
af_netlink: Fix shift out of bounds in group mask calculation. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
GSD-2022-1001194 af_netlink: Fix shift out of bounds in group mask calculation
af_netlink: Fix shift out of bounds in group mask calculation. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
GHSA-PJM3-F4VH-3H3H Stored Cross-site Scripting in Jenkins Mask Passwords Plugin
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...
Stored Cross-site Scripting in Jenkins Mask Passwords Plugin
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...
CVE-2022-29043
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29043
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29043
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29043
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29043
The CVE-2022-29043 entry describes a stored XSS vulnerability in Jenkins Mask Passwords Plugin (version 3.0 and earlier). The flaw arises because the plugin does not escape the name and description of Non-Stored Password parameters on parameter views, enabling an attacker with Item/Configure perm...
PT-2022-19383 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mask Passwords Plugin versions 3.0 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which is exploitable by attackers with Item/Configure permission. This occurs because the plugin does no...
Jenkins Mask Passwords Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exis...