EUVD-2022-4407

Malicious code in bioql PyPI...

CVE-2019-10423

Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

Jenkins CodeScan Plugin has Insufficiently Protected Credentials

CodeScan Plugin stores an API key unencrypted in its global configuration file com.villagechief.codescan.jenkins.CodeScanBuilder.xml on the Jenkins controller. This API key can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fi...

GHSA-JP8R-JH5J-CGWF Jenkins CodeScan Plugin has Insufficiently Protected Credentials

CodeScan Plugin stores an API key unencrypted in its global configuration file com.villagechief.codescan.jenkins.CodeScanBuilder.xml on the Jenkins controller. This API key can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fi...

CloudBees Jenkins CodeScan Plugin has an Unspecified Vulnerability Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . CodeScan Plugin is used in one of the plug-i...

CVE-2019-10423

Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

Design/Logic Flaw

Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-10423

CVE-2019-10423 affects the Jenkins CodeScan Plugin, which stores credentials unencrypted in the plugin’s global configuration file on the Jenkins master/controller. The root cause is unencrypted storage of sensitive data (including credentials and an API key) in com.villagechief.codescan.jenkins....

CVE-2019-10423

Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

PT-2019-11817 · Jenkins · Jenkins Codescan Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CodeScan Plugin affected versions not specified Description: The issue concerns the storage of sensitive information in an unencrypted manner. Specifically, the Jenkins CodeScan Plugin stores credentials and an API key unencrypted in...

jQuery Validate 1.6.0 Demo Code Advisory

+----------------------------------------------+ ADVISORY – jQuery Validate 1.6.0 Demo Code AFFECTED PACKAGES jQuery Validate 1.6.0 SilverStripe 2.3.X to 2.3.5 Discovered By CodeScan.com +----------------------------------------------+ Vendor's Website:...

jQuery 2.3.5 Cross Site Scripting Vulnerability

Exploit for unknown platform in category web applications =============================================== jQuery 2.3.5 Cross Site Scripting Vulnerability =============================================== +----------------------------------------------+ ADVISORY jQuery Validate 1.6.0 Demo Code...

jQuery Validate 1.6.0 Cross Site Scripting

+----------------------------------------------+ ADVISORY – jQuery Validate 1.6.0 Demo Code AFFECTED PACKAGES jQuery Validate 1.6.0 SilverStripe 2.3.X to 2.3.5 Discovered By CodeScan.com +----------------------------------------------+ Vendor's Website:...

Insufficient User Input Validation in VP-ASP 6.50 Demo Code

======================================================================== = CodeScan Advisory, codescan.com [email protected] = = Insufficient User Input Validation in VP-ASP 6.50 Demo Code = = Vendor Website: = http://www.vpasp.com/ = = Affected Version: = VP-ASP Shopping Cart 6.50 Demo Cod...

Multiple Vulnerabilities in XOOPS 2.4.3 and earlier

======================================================================== = CodeScan Advisory, codescan.com [email protected] = = Multiple vulnerablities in Xoops 2.4.3 = = Vendor Website: = http://www.xoops.org = = Affected Version: = Xoops 2.4.3 And Earlier = = Researched By = CodeScan Lab...

CVE-2006-2530

avatarupload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product...

Type confusion

avatarupload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product...

CVE-2006-2530

avatarupload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product...

CVE-2006-2530

CVE-2006-2530 affects Avatar MOD 1.3 for Snitz Forums 3.4 (and possibly other versions). The issue arises in avatar_upload.asp where remote attackers can bypass file type checks and upload arbitrary files by inserting a null byte in the file name. This constitutes an input validation bypass in th...

[Full-disclosure] CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload

======================================================================== = CodeScan Advisory, codescan.com [email protected] = http://www.codescan.com/Advisories/CodeScanLabsAvatarMod.html = = Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload = = Vendor Website: =...