PT-2019-11799 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier, LTS versions 2.176.3 and earlier Description: The issue allows attackers to obtain the HTTP session cookie, despite it being marked HttpOnly, by exploiting another XSS vulnerability and accessing the /whoAm...
Common installation errors with Microsoft Office & how to avoid them
By Owais Sultan If you have bought your products from a genuine Microsoft reseller there won't be any installation issues whatsoever. This is a post from HackRead.com Read the original post: Common installation errors with Microsoft Office & how to avoid them...
PT-2019-4485 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.0.21 Description: The issue is related to a use-after-free in the ext4_put_super function in fs/ext4/super.c, which is connected to the dump_orphan_list function in the same file. This can occur when mounting a crafted...
GHSA-MF6X-7MM4-X2G7 Out-of-bounds Read in stringstream
All versions of stringstream are vulnerable to an out-of-bounds read because the module allocates uninitialized Buffers when a number is passed to the input stream on Node.js 4.x and below. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module i...
Microsoft Windows Event Viewer CVE-2019-0948 Information Disclosure Vulnerability
Description Microsoft Windows Event Viewer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows ...
Microsoft Windows GDI Component CVE-2019-0977 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems...
PT-2019-8138 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.1.4-15217-3 Description: A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML. This is due to insufficient validation of user...
GHSA-8R98-RQG5-4VM3 node-browser downloads Resources over HTTP
Affected versions of node-browser insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...
GHSA-3X83-P476-VV95 Downloads Resources over HTTP in selenium-standalone-painful
Affected versions of selenium-standalone-painful insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
GHSA-9GQH-Q4CX-F2H9 ipip downloads Resources over HTTP
Affected versions of ipip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of...
GHSA-6V7P-J23V-4XMW robot-js downloads Resources over HTTP
Affected versions of robot-js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
GHSA-5PQ8-2Q24-MJ3P Downloads Resources over HTTP in fis-parser-sass-bin
Affected versions of fis-parser-sass-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...
GHSA-8CC8-8VVX-FHGW jdf-sass downloads Resources over HTTP
Affected versions of jdf-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
PT-2018-16310 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: An issue exists in the remote servers of Samsung SmartThings Hub where the hubCore process listens on port 39500 and relays unauthenticated messages. The servers incorrectly...
PT-2018-16202 · Unknown · Git-Dummy-Commit
Name of the Vulnerable Software and Affected Versions: git-dummy-commit version 1.3.0 Description: A command injection issue allows OS level commands to be executed due to an unescaped parameter. Recommendations: For git-dummy-commit version 1.3.0, consider restricting the use of the vulnerable...
Microsoft Windows GDI Component CVE-2018-8396 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems...
PT-2018-6273 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: An attacker could send an authenticated HTTP request to trigger this issue in Insteon Hub. The value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, an...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237)
The remote OracleVM system is missing necessary patches to address critical security updates:
- dm: fix race between dm_get_from_kobject and dm_destroy (Hou Tao) CVE-2017-18203
- drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) Orabug: 27986407 CVE-2018-8781
- kernel/exit.c: avoid...
perpustakaan.undiksha.ac.id XSS vulnerability
Open Bug Bounty ID: OBB-607581

Description | Value
---|---
Affected Website: | perpustakaan.undiksha.ac.id
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
PT-2018-9820 · Wuzhi · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: The issue allows for persistent XSS via the form%5Bqq_10%5D parameter to the "/index.php?m=member&f=index&v=profile&set_iframe=1" URI. This enables potential attackers to inject malicious scripts into the...