Lucene search
+L

359 matches found

prion
prion
added 2019/11/13 11:15 p.m.18 views

Code injection

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

5CVSS6.9AI score0.01303EPSS
Exploits0References3Affected Software2
cvelist
cvelist
added 2019/11/13 10:33 p.m.15 views

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

7.5AI score0.01303EPSS
Exploits0References3
cve
cve
added 2019/11/13 10:33 p.m.51 views

CVE-2010-5108

The provided connected documents confirm a concrete vulnerability: Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. The root cause is an improper permission check during workflow transitions, which could let an attacker change a ticket’s status and resolution wi...

7.5CVSS7.4AI score0.01303EPSS
Exploits0References3Affected Software1
debiancve
debiancve
added 2019/11/13 10:33 p.m.22 views

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

7.5CVSS7.4AI score0.01303EPSS
Exploits0
redhatcve
redhatcve
added 2019/10/04 8:55 p.m.15 views

CVE-2008-5646

Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."...

7.5CVSS6.6AI score0.01227EPSS
Exploits0References3
cnvd
cnvd
added 2019/08/23 12:0 a.m.3 views

CloudBees Jenkins Trac Publisher Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Trac Publisher Plugin is used in one of...

8.8CVSS6.9AI score0.01365EPSS
Exploits0References1
nvd
nvd
added 2019/04/04 4:29 p.m.17 views

CVE-2019-1003067

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS8.7AI score0.01365EPSS
Exploits0References3
prion
prion
added 2019/04/04 4:29 p.m.11 views

Design/Logic Flaw

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

4CVSS8.6AI score0.01365EPSS
Exploits0References3
cvelist
cvelist
added 2019/04/04 3:38 p.m.16 views

CVE-2019-1003067

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.7AI score0.01365EPSS
Exploits0References3
cve
cve
added 2019/04/04 3:38 p.m.63 views

CVE-2019-1003067

CVE-2019-1003067 describes a credential exposure in the Jenkins Trac Publisher Plugin where credentials are stored in plaintext in job config.xml on the Jenkins master/controller. The root cause is unencrypted credential storage in the plugin’s configuration files, making credentials viewable by ...

8.8CVSS8.6AI score0.01365EPSS
Exploits0References3Affected Software1
alpinelinux
alpinelinux
added 2019/04/04 3:38 p.m.24 views

CVE-2019-1003067

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS3.3AI score0.01365EPSS
Exploits0References3
openbugbounty
openbugbounty
added 2017/12/13 3:39 p.m.17 views

trac-fund.com XSS vulnerability

Open Bug Bounty ID: OBB-452924 Description| Value ---|--- Affected Website:| trac-fund.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat She...

6.4AI score
Exploits0
hackerone
hackerone
added 2016/06/17 11:2 p.m.25 views

Nextcloud: Lost Password CSRF

Hi, I think it is something about your Wordpress version.It's not something highy risky bu it is vulnerability. CODE: Username or Email For testing CSRF I added the .html file to attachments.And there is a screenshot for you. How To Fix : Adding rpkey will be fine. Please take a look at links bel...

0.1AI score
Exploits0
fedora
fedora
added 2015/11/26 4:58 a.m.23 views

[SECURITY] Fedora 21 Update: libreport-2.3.0-10.fc21

Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...

5CVSS6.4AI score0.02823EPSS
Exploits0
fedora
fedora
added 2015/10/31 4:10 p.m.26 views

[SECURITY] Fedora 23 Update: libreport-2.6.3-1.fc23

Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...

5CVSS6.4AI score0.02823EPSS
Exploits0
fedora
fedora
added 2015/10/28 4:29 p.m.24 views

[SECURITY] Fedora 22 Update: libreport-2.6.3-1.fc22

Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...

5CVSS6.4AI score0.02823EPSS
Exploits0
fedora
fedora
added 2015/06/30 8:20 p.m.32 views

[SECURITY] Fedora 21 Update: libreport-2.3.0-8.fc21

Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...

7.8CVSS2AI score0.04776EPSS
Exploits4
fedora
fedora
added 2015/06/21 12:33 a.m.25 views

[SECURITY] Fedora 22 Update: libreport-2.6.0-1.fc22

Libraries providing API for reporting different problems in applications to different bug targets like Bugzilla, ftp, trac, etc...

7.8CVSS2AI score0.04776EPSS
Exploits4
bdu_fstec
bdu_fstec
added 2015/04/28 12:0 a.m.8 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The numerous vulnerabilities in the trac-git package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

6.8CVSS5.4AI score0.03373EPSS
Exploits0References3Affected Software1
packetstorm
packetstorm
added 2014/07/06 12:0 a.m.22 views

Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress MailPoet wysija-newsletters Unauthenticated File Upload', 'Description' = %q The Wordpress plugin "MailPoet Newsletters"...

0.1AI score
Exploits0
Rows per page
Query Builder