Lucene search
K

277 matches found

Cvelist
Cvelist
added 2020/11/04 2:35 p.m.37 views

CVE-2020-2318

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.4AI score0.01032EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/11/04 12:0 a.m.5 views

PT-2020-15552 · Jenkins Ci +1 · Jenkins Mail Commander Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mail Commander Plugin for Jenkins-ci Plugin version 1.0.0 and earlier Description: The issue concerns the storage of passwords in an unencrypted manner in job config.xml files on the Jenkins controller. These passwords can be accessed...

6.5CVSS6.4AI score0.01032EPSS
Exploits0References7
CNVD
CNVD
added 2020/10/11 12:0 a.m.3 views

CloudBees Jenkins SMS Notification Plugin Unauthorized Access Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Audit Trail Plugin is used in one of the audi...

3.3CVSS6.6AI score0.00335EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/02 12:0 a.m.5 views

CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-51391)

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...

4.3CVSS6.6AI score0.00524EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2020/09/01 1:50 p.m.25 views

CVE-2020-2249

Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

3.3CVSS3.5AI score0.00257EPSS
Exploits0References2
CNVD
CNVD
added 2020/03/26 12:0 a.m.2 views

File Deletion Vulnerability in YCCMS Controller Directory Na***.class.php

YCCMS is a PHP version of a lightweight CMS builder. A file deletion vulnerability exists in the YCCMS controller directory Na.cl.php, which can be exploited by an attacker to delete any file in any directory...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2019/09/25 12:0 a.m.5 views

PT-2019-11813 · Vmware +2 · Vfabric Application Director Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins vFabric Application Director Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins master. Specifically, the...

5.5CVSS5.3AI score0.00321EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/09/25 12:0 a.m.7 views

PT-2019-11818 · Jenkins · Jenkins Eloyente Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins elOyente Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins master. Specifically, the elOyente Plugin stores a...

5.5CVSS5.4AI score0.00348EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.4 views

PT-2019-11365 · Jenkins · Jenkins Audit To Database Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file. Specifically, database credentials are stored unencrypt...

8.8CVSS8.4AI score0.01365EPSS
Exploits0References6
CNVD
CNVD
added 2018/09/06 12:0 a.m.2 views

SQL Injection Vulnerability in Uc365 Website Category Navigation System

Yuko 365 website classification navigation system is an open source navigation management system based on PHP + MYSQL development and construction. Uke365 website navigation system v1.1.3 app/admin/controller/ar.php page SQL injection vulnerability , the vulnerability stems from the system fails ...

7.7AI score
Exploits0
myhack58
myhack58
added 2018/08/23 12:0 a.m.1944 views

UEditor editor two version of the arbitrary file upload vulnerability analysis-vulnerability warning-the black bar safety net

0x01 introduction UEditor by Baidu WEB front-end R & D Department development of WYSIWYG the open source rich text editor with lightweight, customizable, the user experience is excellent and other characteristics, by the majority of WEB applications use; this broke the high-risk vulnerabilities...

7.5AI score
Exploits0
CNVD
CNVD
added 2018/05/15 12:0 a.m.4 views

SDcms Cross-Site Request Forgery Vulnerability

SDcms is a PHP and MySQL based enterprise building content management system CMS by China Smoke & Fire Network Technology. A cross-site request forgery vulnerability exists in the /WWW//app/admin/controller/admincontroller.php file in SDcms version 1.5. A remote attacker can exploit this...

8.8CVSS6.9AI score0.0058EPSS
Exploits1References1
CNVD
CNVD
added 2017/09/12 12:0 a.m.3 views

SQL Injection Vulnerability in ShopsN v2.0 Frontend OrderController.class.php File

ShopsN is a free e-commerce open source system. ShopsN v2.0 official version of the front-end OrderController.class.php file SQL injection vulnerability. The vulnerability is due to the system fails to effectively filter the data submitted by the user . An attacker can exploit this vulnerability ...

7.8AI score
Exploits0
CNVD
CNVD
added 2017/09/08 12:0 a.m.4 views

dayrui FineCms 'oauth' function cross-site scripting vulnerability

dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. A cross-site scripting vulnerability exists in the 'oauth' function of the controllers/member/api.php file in version 5.0.11 of...

6.1CVSS6AI score0.00635EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/05/31 12:0 a.m.5 views

The vulnerability of the Android operating system, which allows a hacker to circumvent existing access restrictions

The vulnerability in the server/TetherController.cpp file of the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions through a specially created application...

9.3CVSS7.5AI score0.00466EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2011/10/09 12:0 a.m.7 views

PT-2011-1859 · Clearbudget · Clearbudget

Name of the Vulnerable Software and Affected Versions: clearBudget version 0.9.8 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter in the logic/controller.class.php file. This is a remote file inclusion issue. Note that this issue h...

7.5CVSS7.6AI score0.02386EPSS
Exploits1References6
Cvelist
Cvelist
added 2002/07/26 4:0 a.m.20 views

CVE-2002-0773

improotdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to improotdir.asp and modifying parameters such as 1 ftp, 2 owwwPath, and 3 oftpPath...

6.9AI score0.04491EPSS
Exploits1References3
Rows per page
Query Builder