CVE-2020-2172

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2020-2172

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Xxe

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2020-2172

Vulnerability summary: Jenkins Code Coverage API Plugin (versions 1.1.4 and earlier) is affected by an XXE flaw caused by an unconfigured XML parser. This could allow a user who supplies input files for the “Publish Coverage Report” step to trigger external entities, potentially exposing secrets ...

CVE-2020-2172

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

PT-2020-15382 · Jenkins · Jenkins Code Coverage Api Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Code Coverage API Plugin versions 1.1.4 and earlier Description: The issue allows a user who can control the input files for the "Publish Coverage Report" post-build step to have Jenkins parse a crafted file that uses external entitie...

CloudBees Jenkins Code Coverage API Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...

CVE-2020-2106

Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...

CVE-2020-2106

Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...

Cross site scripting

Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...

CVE-2020-2106

CVE-2020-2106 affects Jenkins Code Coverage API Plugin (versions ≤ 1.1.2). The vulnerability is a stored XSS: the plugin does not escape the coverage report filename in its view, enabling a user who can modify a Jenkins job configuration to inject malicious script. Exploitation context is restric...

CVE-2020-2106

Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...

PT-2020-15313 · Jenkins · Jenkins Code Coverage Api Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Code Coverage API Plugin versions 1.1.2 and earlier Description: The issue is related to a stored XSS vulnerability. It occurs because the filename of the coverage report used in its view is not properly escaped, allowing users who ca...

Applepie - A Hypervisor For Fuzzing Built With WHVP And Bochs

Hello! Welcome to applepie! This is a tool designed for fuzzing, introspection, and finding bugs! This is a hypervisor using the Windows Hypervisor Platform API present in recent versions of Windows specifically this was developed and tested on Windows 10 17763. Bochs is used for providing deep...

honggfuzz vulnerability mining technology principle analysis-vulnerability warning-the black bar safety net

Google AFLWinAFL, the libfuzzer and honggfuzz is the most famous of the three based on code coverage fuzzer is. Online on the AFLWinAFLanalysis of the articles more, and on the latter two Analysis Articles less. Before the spring brother has written about honggfuzz article: honggfuzz vulnerabilit...

Double-Free RCE in VLC. A honggfuzz how-to

Introduction I spent three months working on VLC using Honggfuzz, tweaking it to suit the target. In the process, I found five vulnerabilities, one of which was a high-risk double-free issue and merited CVE-2019-12874. Here’s the VLC advisory . Here’s how I found it. I hope you find the how-to...

Hidden for 19 years WinRAR code execution vulnerability-vulnerability warning-the black bar safety net

The researchers found WinRAR logic vulnerabilities that can full access to the victims computer control. The exploit only requires from the compressed file to extract it can work, more than 5 million users affected. More importantly, the vulnerability has been there 19 years, forcing WinRAR...

Malware monitor - leveraging PyREBox for malware analysis

This post was authored by Xabier Ugarte Pedrero In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework...

Dynamic Instrumentation Tool Platform: DynamoRIO

Dynamic Instrumentation Tool Platform DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling...

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range o...