40 matches found
CVE-2021-25684
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
PT-2020-15551 · Jenkins · Jenkins Findbugs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins FindBugs Plugin versions 5.0.0 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the annotation message in tooltips is not properly escaped, allowing attackers to injec...
CVE-2020-2265
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...
CVE-2020-2265
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...
Cross site scripting
Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...
CVE-2020-2262
Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...
CVE-2020-6012
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an...
DEBIAN-CVE-2020-13882
CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...
LAquis SCADA LGX Report Ini WriteString Arbitrary File Creation Vulnerability
This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
LAquis SCADA LGX Report TextFile Append Arbitrary File Creation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
LAquis SCADA LGX Report File BlockWrite Arbitrary File Creation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
LAquis SCADA LGX Report ShellExecute Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
LAquis SCADA LGX Report TextFile Write Arbitrary File Creation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
LAquis SCADA LGX Report AddComboFile Arbitrary File Creation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-16946
LG LNB, LND, LNU, and LNV smart network camera devices have broken access control. Attackers are able to download /updownload/t.report aka Log & Report files and download backup files via download.php without authenticating. These backup files contain user credentials and configuration informatio...
CVE-2018-16234
CVE-2018-16234 affects MorningStar WhatWeb 0.4.9, with a documented XSS vulnerability via JSON report files. The connected documents confirm the issue type but do not provide technical specifics on the exact root cause, vulnerable components, exploitation details, affected versions beyond 0.4.9, ...
Design/Logic Flaw
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...
AntiVir antivirus privilege escalation
notepad.exe is executed with local system privileges to view report files...
Crystal Enterprise report file crossite scripting
Crossite scripting with report files...