GHSA-8X6C-375H-PM4F Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

Stored credentials unencrypted in Jenkins Mashup Portlets Plugin

Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2022-30843

Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=deletecategory, id...

CVE-2022-30461

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=deleteclient, id...

CVE-2022-30458

Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting XSS via /asms/classes/Master.php?f=saveproduct, name...

CVE-2022-30456

Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting XSS via /bcms/classes/Master.php?f=savecourtrental...

Insufficiently Protected Credentials

Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

Room-rent-portal-site SQL注入漏洞

Room-rent-portal-site is a room for rent portal by the individual developer Carlo Montero. A security vulnerability exists in Room-rent-portal-site v1.0, which stems from an SQL injection issue in /rrps/classes/Master.php?f=deletecategory...

PT-2022-20126 · Unknown · Chatbot App With Suggestion In Php/Oop

Name of the Vulnerable Software and Affected Versions: ChatBot App with Suggestion in PHP/OOP version 1.0 Description: The issue concerns SQL Injection via the "/simple chat bot/classes/Master.php" endpoint, specifically when the f parameter is set to "delete response" and the id variable is...

Merchandise Online Store SQL注入漏洞

Merchandise Online Store is a merchandise online store system. merchandise Online Store version 1.0 is vulnerable to SQL injection, which can be exploited by attackers via /vloggersmerch/classes/Master.php?f=delete product to conduct SQL injection attacks...

GHSA-9JRH-HCH8-RR5C Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system...

GHSA-CWCF-5M5W-MQ2W Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin

A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

CVE-2022-30387

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/classes/Master.php?f=payorder...

CVE-2022-30370

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=deletecargotype...

Jenkins TestFairy Plugin stores credentials in plain text

Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

GHSA-FFV8-X822-FX73 Jenkins TestFairy Plugin stores credentials in plain text

Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

GHSA-45FR-W365-F7PM Jenkins HockeyApp Plugin stores credentials in plain text

Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

Jenkins HockeyApp Plugin stores credentials in plain text

Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

Jenkins Upload to pgyer Plugin stores credentials in plain text

Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...