348 matches found
[SECURITY] Fedora 35 Update: drupal7-7.92-1.fc35
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
[SECURITY] Fedora 36 Update: drupal7-7.92-1.fc36
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
Design/Logic Flaw
Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with...
CATS - REST API Fuzzer And Negative Testing Tool For OpenAPI Endpoints
REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive : tests are generated automatically based on a large number scenarios and cover every field and header Intelligent : tests are generated based on data types and...
CVE-2022-28169 - Brocade Fabric OS Privilege Escalation Vulnerability (BSA-2022-2075)
Security Advisory ID : BSA-2022-2075 Component : Webtools Revision : 3.1 Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools user to gain elevated admin rights, or privileges, beyond what is intended or...
Esri Portal For ArcGis 跨站脚本漏洞
Esri Portal For ArcGis is a component of Esri, Inc. that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Esri Portal For ArcGis, which stems from stored cross-site scripting XSS in configurable...
[SECURITY] Fedora 35 Update: osmo-0.4.4-2.fc35
Osmo is a handy personal organizer which includes calendar, tasks manager and address book modules. It was designed to be a small, easy to use and good looking PIM tool to help to manage personal information. In current state the organizer is quite convenient in use - for example, user can perfor...
[SECURITY] Fedora 36 Update: osmo-0.4.4-2.fc36
Osmo is a handy personal organizer which includes calendar, tasks manager and address book modules. It was designed to be a small, easy to use and good looking PIM tool to help to manage personal information. In current state the organizer is quite convenient in use - for example, user can perfor...
PT-2022-3088 · Jtekt · Jtekt Toyopuc Plcs
Name of the Vulnerable Software and Affected Versions: JTEKT TOYOPUC PLCs through 2022-04-29 Description: The issue is related to the mishandling of authentication in JTEKT TOYOPUC PLCs. They utilize the CMPLink/TCP protocol, which is configurable on ports 1024-65534 on either TCP or UDP, for...
GHSA-978J-88F3-P5J3 Threshold value is ignored (all shares are n=3)
Affected versions of this crate did not properly calculate secret shares requirements. This reduces the security of the algorithm by restricting the crate to always using a threshold value of three, rather than a configurable limit. The flaw was corrected by correctly configuring the threshold...
gogo
gogo blog posts. - https://chainreactors.github.io/wiki/blog...
Dominion Voting Systems ImageCast X has an unspecified vulnerability
Dominion Voting Systems ImageCast X is an intuitive and configurable face-to-face voting solution from Dominion Voting Systems.A security vulnerability exists in Dominion Voting Systems ImageCast X that could be exploited by an attacker to disguise a malicious application on the device...
Magento has an XML Injection vulnerability
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...
GHSA-5PJJ-7FQ8-9GPF Magento has an XML Injection vulnerability
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...
Stored XSS vulnerability in Jenkins Link Column Plugin
Link Column Plugin allows users with View/Configure permission to add a new column to list views that contain a user-configurable link.\n\nLink Column Plugin 1.0 and earlier does not filter the URL for these links, allowing the javascript: scheme. This results in a stored cross-site scripting XSS...
GHSA-Q2MM-W3QC-2936 Stored XSS vulnerability in Jenkins Link Column Plugin
Link Column Plugin allows users with View/Configure permission to add a new column to list views that contain a user-configurable link.\n\nLink Column Plugin 1.0 and earlier does not filter the URL for these links, allowing the javascript: scheme. This results in a stored cross-site scripting XSS...
workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names
A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins...
ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file by...
[SECURITY] Fedora 35 Update: drupal7-7.82-1.fc35
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
SoSafe Configurable 代码问题漏洞
SoSafe Configurable is a software application from Schneider-electric, France. A configuration software. A code issue vulnerability exists in SoSafe Configurable that stems from code execution that could result from opening a malicious project file...