277 matches found
CVE-2020-2318
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
PT-2020-15552 · Jenkins Ci +1 · Jenkins Mail Commander Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mail Commander Plugin for Jenkins-ci Plugin version 1.0.0 and earlier Description: The issue concerns the storage of passwords in an unencrypted manner in job config.xml files on the Jenkins controller. These passwords can be accessed...
CloudBees Jenkins SMS Notification Plugin Unauthorized Access Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Audit Trail Plugin is used in one of the audi...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-51391)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...
CVE-2020-2249
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
File Deletion Vulnerability in YCCMS Controller Directory Na***.class.php
YCCMS is a PHP version of a lightweight CMS builder. A file deletion vulnerability exists in the YCCMS controller directory Na.cl.php, which can be exploited by an attacker to delete any file in any directory...
PT-2019-11813 · Vmware +2 · Vfabric Application Director Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins vFabric Application Director Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins master. Specifically, the...
PT-2019-11818 · Jenkins · Jenkins Eloyente Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins elOyente Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins master. Specifically, the elOyente Plugin stores a...
PT-2019-11365 · Jenkins · Jenkins Audit To Database Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file. Specifically, database credentials are stored unencrypt...
SQL Injection Vulnerability in Uc365 Website Category Navigation System
Yuko 365 website classification navigation system is an open source navigation management system based on PHP + MYSQL development and construction. Uke365 website navigation system v1.1.3 app/admin/controller/ar.php page SQL injection vulnerability , the vulnerability stems from the system fails ...
UEditor editor two version of the arbitrary file upload vulnerability analysis-vulnerability warning-the black bar safety net
0x01 introduction UEditor by Baidu WEB front-end R & D Department development of WYSIWYG the open source rich text editor with lightweight, customizable, the user experience is excellent and other characteristics, by the majority of WEB applications use; this broke the high-risk vulnerabilities...
SDcms Cross-Site Request Forgery Vulnerability
SDcms is a PHP and MySQL based enterprise building content management system CMS by China Smoke & Fire Network Technology. A cross-site request forgery vulnerability exists in the /WWW//app/admin/controller/admincontroller.php file in SDcms version 1.5. A remote attacker can exploit this...
SQL Injection Vulnerability in ShopsN v2.0 Frontend OrderController.class.php File
ShopsN is a free e-commerce open source system. ShopsN v2.0 official version of the front-end OrderController.class.php file SQL injection vulnerability. The vulnerability is due to the system fails to effectively filter the data submitted by the user . An attacker can exploit this vulnerability ...
dayrui FineCms 'oauth' function cross-site scripting vulnerability
dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. A cross-site scripting vulnerability exists in the 'oauth' function of the controllers/member/api.php file in version 5.0.11 of...
The vulnerability of the Android operating system, which allows a hacker to circumvent existing access restrictions
The vulnerability in the server/TetherController.cpp file of the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions through a specially created application...
PT-2011-1859 · Clearbudget · Clearbudget
Name of the Vulnerable Software and Affected Versions: clearBudget version 0.9.8 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter in the logic/controller.class.php file. This is a remote file inclusion issue. Note that this issue h...
CVE-2002-0773
improotdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to improotdir.asp and modifying parameters such as 1 ftp, 2 owwwPath, and 3 oftpPath...