1179 matches found
CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Summary: ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details: Target: The vulnerable endpoint ...
Gibbon LMS < v26.0.00 - Authenticated RCE
Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version; Date: 22.01.2024; Exploit Author: SecondX.io Research Team (Ali Maharramli, Fikrat Guliev, Islam Rzayev); Vendor Homepage: https://gibbonedu.org/; Software Link: https://github.com/GibbonEdu/core; Version: v26.0.00...
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. Software supply chain firm Phylum, which first identified the "test" packages on July 31, 2023, said they "demonstrated increasi...
Jenkins Gerrit Trigger Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exis...
Cross site scripting
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-24982
Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials...
Поиск работы на HeadHunter. Вакансии рядом с домом - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Поиск работы на HeadHunter. Вакансии рядом с домом published at the 'play' market has multiple vulnerabilities...
Security Master - Antivirus, VPN, AppLock, Booster - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Security Master - Antivirus, VPN, AppLock, Booster published at the 'play' market has multiple vulnerabilities...
Vivalines Turizm - Base64 encoded String, Customized SSL, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Vivalines Turizm published at the 'play' market has multiple vulnerabilities...
Бородач. День рождения Иришки - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Бородач. День рождения Иришки published at the 'play' market has multiple vulnerabilities...
TextNow - free text + calls - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application TextNow - free text + calls published at the 'play' market has multiple vulnerabilities...
VMware Boxer - Base64 encoded String, Customized SSL, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application VMware Boxer published at the 'play' market has multiple vulnerabilities...
Root Browser - Base64 encoded String, Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Root Browser published at the 'play' market has multiple vulnerabilities...
CA24 Mobile - Base64 encoded String, Customized SSL, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application CA24 Mobile published at the 'play' market has multiple vulnerabilities...
Dream League Soccer 2017 - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Dream League Soccer 2017 published at the 'play' market has multiple vulnerabilities...
Breaking News & Hot Stories - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Breaking News & Hot Stories published at the 'play' market has multiple vulnerabilities...
IPTVPanel Client - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application IPTVPanel Client published at the 'play' market has multiple vulnerabilities...
SafeNet MobilePASS+ - Base64 encoded String, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application SafeNet MobilePASS+ published at the 'play' market has multiple vulnerabilities...