18 matches found
Exploit for Memory Allocation with Excessive Size Value in Apache Http_Server
http2-bomb-detector HTTP/2 Bomb CVE-2026-49975 Non-destru...
RHCOS 3 : jenkins (RHSA-2016:0711)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0711 advisory. - jenkins: Remote code execution vulnerability in remoting module SECURITY-232 CVE-2016-0788 - jenkins: HTTP response splitting...
EUVD-2017-0189
Malware in sbrugna...
MAL-2025-8720 Malicious code in @malware-test-hunts-crumb-outer-knots/test-mlw3-hunts-crumb-outer-knots (npm)
The package @malware-test-hunts-crumb-outer-knots/test-mlw3-hunts-crumb-outer-knots was found to contain malicious code...
GHSA-QXH5-5R5P-5GVF Cross-Site Request Forgery in Jenkins Blue Ocean Plugin
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API. The vulnerability is found in: - blueocean-core-js/src/js/bundleStartup.js - blueocean-core-js/src/js/fetch.ts -...
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting Exploit Title: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting Date: 2019-11-06 Exploit Author: vesche Austin Jackson Vendor Homepage: https://plugins.jenkins.io/build-metrics Version: Jenkins build-metrics plugin 1.3 a...
postmile (>=1.0.1 <=1.1.0), postmile-web (>=1.0.0 <=1.1.0) potentially affected by CVE-2014-7193 via crumb (>=0.0.9 <=2.2.0)
crumb NPM version =0.0.9, =1.0.1, =1.0.0, =1.1.0 Source cves: CVE-2014-7193 Source advisory: OSV:GHSA-84FQ-6626-W5FG...
CORS Token Disclosure in crumb
When CORS is enabled on a hapi route handler, it is possible to set a crumb token for a different domain. An attacker would need to have an application consumer visit a site they control, request a route supporting CORS, and then retrieve the token. With this token, they could possibly make...
GHSA-84FQ-6626-W5FG CORS Token Disclosure in crumb
When CORS is enabled on a hapi route handler, it is possible to set a crumb token for a different domain. An attacker would need to have an application consumer visit a site they control, request a route supporting CORS, and then retrieve the token. With this token, they could possibly make...
Jenkins Multiple CSRF vulnerabilities (CVE-2017-1000356)
Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allowed malicious users to perform several administrative actions by tricking a victim into opening a web page. The most notable ones: SECURITY-412: Restart Jenkins immediately, after all builds are finished, or after all plugin...
CORS Token Disclosure
Overview When CORS is enabled on a hapi route handler, it is possible to set a crumb token for a different domain. An attacker would need to have an application consumer visit a site they control, request a route supporting CORS, and then retrieve the token. With this token, they could possibly...
CVE-2014-7193
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web si...
Design/Logic Flaw
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web si...
CVE-2014-7193
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web si...
CVE-2014-7193
CVE-2014-7193 affects the Crumb plugin for Node.js prior to 3.0.0. When a hapi route has CORS enabled, token access is not properly restricted, potentially allowing remote attackers to obtain sensitive information and possibly spoof requests to non-CORS routes via a crafted site visited by an app...
DEBIAN-CVE-2014-9236
Cross-site scripting XSS vulnerability in php/editphotos.php in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 photographerid or 2 crumb parameter...
UBUNTU-CVE-2014-9236
Cross-site scripting XSS vulnerability in php/editphotos.php in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 photographerid or 2 crumb parameter...
CVE-2014-9236
Cross-site scripting XSS vulnerability in php/editphotos.php in Zoph aka Zoph Organizes Photos 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 photographerid or 2 crumb parameter...