Lucene search
K

844 matches found

OSV
OSV
added 2018/06/05 8:29 p.m.21 views

CVE-2018-1000186

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

6.5CVSS6.5AI score
Exploits0References1
CVE
CVE
added 2018/06/05 8:0 p.m.62 views

CVE-2018-1000186

Affected software: Jenkins GitHub Pull Request Builder Plugin (GhprbGitHubAuth.java) up to version 1.41.0. The vulnerability allows attackers with Overall/Read access to connect to an attacker‑specified URL using attacker‑provided credentials IDs, enabling capture of credentials stored in Jenkins...

6.5CVSS6.2AI score0.00988EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/05 8:0 p.m.23 views

CVE-2018-1000186

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

6.3AI score0.00988EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/06/04 12:0 a.m.61 views

MODX Revolution CMS <= 2.6.3 Stored XSS Vulnerability

MODX CMS is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.5CVSS5.6AI score0.02143EPSS
Exploits6References3
NVD
NVD
added 2018/04/05 1:29 p.m.18 views

CVE-2018-1000142

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

7.8CVSS7.4AI score0.00376EPSS
Exploits0References1
Prion
Prion
added 2018/04/05 1:29 p.m.16 views

Design/Logic Flaw

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

2.1CVSS6.2AI score0.00368EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/04/05 1:29 p.m.24 views

CVE-2018-1000143

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

6.7CVSS6.3AI score0.00368EPSS
Exploits0References1
OSV
OSV
added 2018/04/05 1:29 p.m.23 views

CVE-2018-1000142

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

7.8CVSS7.6AI score
Exploits0References1
OSV
OSV
added 2018/04/05 1:29 p.m.19 views

CVE-2018-1000143

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

6.7CVSS6.5AI score
Exploits0References1
CVE
CVE
added 2018/04/05 1:0 p.m.63 views

CVE-2018-1000142

CVE-2018-1000142 affects the Jenkins GitHub Pull Request Builder Plugin (versions 1.39.0 and older). The root cause is exposure of credentials stored in GhprbCause.java, allowing an attacker with local file system access to obtain GitHub credentials. The impact is sensitive credential disclosure ...

7.8CVSS7.3AI score0.00376EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/05 1:0 p.m.22 views

CVE-2018-1000143

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...

6.2AI score0.00368EPSS
Exploits0References1
Node.js
Node.js
added 2017/09/25 7:16 p.m.61 views

Regular Expression Denial of Service

Overview Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation There is currently no direct patch for this vulnerability. Currently, the best solution ...

5CVSS2.7AI score0.01659EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2017/01/04 11:36 p.m.16 views

XSS in pull request inbox

A potential XSS issue was identified in the pull request inbox, and has been fixed in Bitbucket Server 4.12.1...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/01/04 11:36 p.m.20 views

XSS in pull request inbox

A potential XSS issue was identified in the pull request inbox, and has been fixed in Bitbucket Server 4.12.1...

1.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/10/12 12:0 a.m.23 views

openSUSE Security Update : python-Jinja2 (openSUSE-2016-1159)

This update for python-Jinja2 fixes the following issues : Update to version 2.8 : - Added target parameter to urlize function. - Added support for followsymlinks to the file system loader. - The truncate filter now counts the length. - Added equalto filter that helps with select filters. - Chang...

4.4CVSS8.1AI score0.0043EPSS
Exploits1References2
Hacker One
Hacker One
added 2016/01/28 2:54 p.m.18 views

Internet Bug Bounty: Integer overflow in wordwrap

https://github.com/php/php-src/pull/1738issuecomment-174260748...

6.9AI score
Exploits0
Node.js
Node.js
added 2016/01/28 7:56 a.m.30 views

Authentication Bypass

Overview Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode. Recommendation Update to version 5.1.2 or later. References - Issue 111 - PR 112 - GitHub Advisory...

7.5CVSS6.1AI score0.02524EPSS
Exploits0Affected Software1
0day.today
0day.today
added 2015/10/04 12:0 a.m.22 views

Pygments FontManager._get_nix_font_path Shell Injection Vulnerability

Pygments FontManager.getnixfontpath version 1.2.2-2.0.2 suffers from a shell injection vulnerability. Shell Injection in Pygments FontManager.getnixfontpath Product: Pygments Version: 1.2.2-2.0.2 497:fe62167596bb to 3693:655dbebddc23 Tue Nov 06 17:30:45 2007 +0000 to Aug 21, 2015. Website:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.75 views

TomatoCart v1.x &#40;latest-stable&#41; Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-3978 - Remote SQL Injection Vulnerability CVE-2014-3830 - Reflected Cross Site Scripting - ------------------------------------------------------------------------------ Title: TomatoCart v1.x latest-stable Remote SQL Injection Vulnerability...

6.5CVSS7.7AI score0.01727EPSS
Exploits8
0day.today
0day.today
added 2014/08/14 12:0 a.m.34 views

TomatoCart 1.x - SQL Injection Vulnerability

Exploit for php platform in category web applications Title: TomatoCart v1.x latest-stable Remote SQL Injection Vulnerability Background: TomatoCart is open source ecommerce solution developed and maintained by a number of 64,000+ users from 50+ countries and regions. It's distributed under the...

6.5CVSS6.5AI score0.01727EPSS
Exploits7
Rows per page
Query Builder