PT-2019-11388 · Jenkins · Jenkins Openid Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins openid Plugin affected versions not specified Description: A cross-site request forgery issue exists in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method, allowing attackers to initiate a connection to an...
PT-2019-11349 · Jenkins · Jenkins Ftp Publisher Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins FTP publisher Plugin affected versions not specified Description: A missing permission check in the FTPPublisher.DescriptorImpldoLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an...
CVE-2019-1003047
A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
PT-2019-11336 · Jenkins · Jenkins Fortify On Demand Uploader Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Uploader Plugin versions 3.0.10 and earlier Description: A cross-site request forgery issue allows attackers to initiate a connection to an attacker-specified server. Recommendations: For Jenkins Fortify on Demand...
PT-2019-11337 · Jenkins · Jenkins Fortify On Demand Uploader Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Uploader Plugin versions 3.0.10 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. Recommendation...
CVE-2019-1003020
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL...
CVE-2018-1000416
The CVE-2018-1000416 entry concerns Jenkins Job Config History Plugin (versions up to 2.18) with a reflected cross-site scripting (XSS) flaw in all Jelly files that allows an attacker to inject arbitrary HTML into Jenkins output shown to users who have Job/Configure access. This is a client-side ...
CVE-2018-20576
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...
CVE-2018-1999039
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials...
CVE-2018-1000183
An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
HolaCMS 1.2/1.4.x Voting Module Remote File Corruption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12789/info HolaCMS is prone to a vulnerability that may allow remote users to corrupt files on the server. This is due to an input validation error that allows users to submit voting data to an attacker-specified file. It ha...
Xine 0.9.x And Xine-Lib 1 Multiple Remote File Overwrite Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10193/info It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file...
ModernGigabyte ModernBill 4.3 - news.php File Inclusion
ModernGigabyte ModernBill 4.3 - news.php File Inclusion source: https://www.securityfocus.com/bid/13086/info ModernBill is prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the...
ModernGigabyte ModernBill 4.3 - 'news.php' File Inclusion
source: https://www.securityfocus.com/bid/13086/info ModernBill is prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'news.php' script. ModernBill 4.3 and prior versions are...
PayPal Store Front 3.0 - index.php Remote File Inclusion
PayPal Store Front 3.0 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an...
phpMyNewsletter 0.6.10 - Remote File Inclusion
phpMyNewsletter 0.6.10 - Remote File Inclusion source: https://www.securityfocus.com/bid/5886/info A vulnerability has been discovered in phpMyNewsLetter. Reportedly, it is possible to pass an attacker-specified file include location to a CGI parameter of the 'customize.php' script. This may allow...