Lucene search
K

40 matches found

UbuntuCve
UbuntuCve
added 2021/02/02 6:0 p.m.28 views

CVE-2021-25684

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO...

8.8CVSS7.1AI score0.00568EPSS
Exploits1References3
OSV
OSV
added 2020/11/04 3:15 p.m.23 views

CVE-2020-2317

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...

5.4CVSS5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/11/04 12:0 a.m.5 views

PT-2020-15551 · Jenkins · Jenkins Findbugs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins FindBugs Plugin versions 5.0.0 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the annotation message in tooltips is not properly escaped, allowing attackers to injec...

5.4CVSS5.1AI score0.00852EPSS
Exploits0References7
OSV
OSV
added 2020/09/16 2:15 p.m.8 views

CVE-2020-2265

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

5.4CVSS5.4AI score
Exploits0References2
NVD
NVD
added 2020/09/16 2:15 p.m.10 views

CVE-2020-2265

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

5.4CVSS0.00735EPSS
Exploits0References2
Prion
Prion
added 2020/09/16 2:15 p.m.16 views

Cross site scripting

Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

3.5CVSS5.2AI score0.00735EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/16 1:20 p.m.22 views

CVE-2020-2262

Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

5.2AI score0.00735EPSS
Exploits0References2
OSV
OSV
added 2020/08/04 2:15 p.m.1 views

CVE-2020-6012

ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an...

7.4CVSS7.1AI score
Exploits0References3
OSV
OSV
added 2020/06/18 6:15 p.m.1 views

DEBIAN-CVE-2020-13882

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...

4.2CVSS5.4AI score0.00256EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.18 views

LAquis SCADA LGX Report Ini WriteString Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS1.7AI score0.02572EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.10 views

LAquis SCADA LGX Report TextFile Append Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS1.9AI score0.02572EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.16 views

LAquis SCADA LGX Report File BlockWrite Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS1.8AI score0.02572EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.38 views

LAquis SCADA LGX Report ShellExecute Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS2.3AI score0.02572EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.27 views

LAquis SCADA LGX Report TextFile Write Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS1.8AI score0.02572EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.22 views

LAquis SCADA LGX Report AddComboFile Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS2.1AI score0.02572EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/09/12 1:0 a.m.23 views

CVE-2018-16946

LG LNB, LND, LNU, and LNV smart network camera devices have broken access control. Attackers are able to download /updownload/t.report aka Log & Report files and download backup files via download.php without authenticating. These backup files contain user credentials and configuration informatio...

7.5AI score0.09348EPSS
Exploits5References2
CVE
CVE
added 2018/08/30 10:0 p.m.40 views

CVE-2018-16234

CVE-2018-16234 affects MorningStar WhatWeb 0.4.9, with a documented XSS vulnerability via JSON report files. The connected documents confirm the issue type but do not provide technical specifics on the exact root cause, vulnerable components, exploitation details, affected versions beyond 0.4.9, ...

6.1CVSS5.9AI score0.00848EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2011/07/19 9:55 p.m.13 views

Design/Logic Flaw

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...

3.6CVSS6.8AI score0.03503EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2006/03/12 12:0 a.m.36 views

AntiVir antivirus privilege escalation

notepad.exe is executed with local system privileges to view report files...

3.2AI score
Exploits0References1
securityvulns
securityvulns
added 2004/12/27 12:0 a.m.29 views

Crystal Enterprise report file crossite scripting

Crossite scripting with report files...

1.1AI score
Exploits0References1Affected Software1
Rows per page
Query Builder