Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

26 matches found

vulnersOsv
vulnersOsvadded 2022/05/14 3:58 a.m.0 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1487 more potentially affected by CVE-2016-0792 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.642.1)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.5.0, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2016-0792 Source advisory: OSV:GHSA-45RG-G72W-R393...

9CVSS6.7AI score0.82697EPSS
Exploits23
vulnersOsv
vulnersOsvadded 2022/05/14 3:58 a.m.5 views

com.elasticbox.jenkins-ci.plugins:elasticbox (>=4.0.9 <=4.1.0), org.jenkins-ci.lib:xtrigger-lib (=0.36) +13 more potentially affected by CVE-2016-0792 via org.jenkins-ci.main:jenkins-core (>=1.643 <=1.649)

org.jenkins-ci.main:jenkins-core MAVEN version =1.643, =4.0.9, =1.643, =1.643, =1.645, =0.5, =1.648, =4.0.4, =1.0.0, =1.643, =1.0.45, =0.3.2, =0.3.8 - org.jenkins.plugins.statistics.gatherer:statistics-gatherer =1.0.1 Source cves: CVE-2016-0792 Source advisory: OSV:GHSA-45RG-G72W-R393...

9CVSS6.7AI score0.82697EPSS
Exploits23
Gitee
Giteeadded 2020/10/29 1:31 p.m.5 views

Exploit for Deserialization of Untrusted Data in Redhat Data_Grid

This repository contains a collection of Python scripts for exploiting Java deserialization vulnerabilities in various applications, including Cisco Prime Infrastructure, JBoss, Jenkins, and OpenNMS. The scripts use the ysoserial tool to generate the payload. The scripts can be categorized into...

10CVSS7.4AI score0.86829EPSS
Exploits38
Gitee
Giteeadded 2020/03/23 3:45 p.m.10 views

Exploit for Improper Input Validation in Jenkins

hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...

9CVSS7.6AI score0.82697EPSS
Exploits23
Tenable Nessus
Tenable Nessusadded 2018/12/04 12:0 a.m.48 views

RHEL 6 : Red Hat OpenShift Enterprise 2.2.10 (RHSA-2016:1773)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1773 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private clou...

10CVSS7.1AI score0.83274EPSS
Exploits32References41
0day.today
0day.todayadded 2017/12/19 12:0 a.m.169 views

Jenkins XStream Groovy classpath Deserialization Exploit

This Metasploit module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath, which allows remote arbitrary code execution. The issue affects default...

9CVSS8.9AI score0.82697EPSS
Exploits23
Exploit DB
Exploit DBadded 2017/12/19 12:0 a.m.54 views

Jenkins - XStream Groovy classpath Deserialization (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins XStream Groovy classpath Deserialization Vulnerability', 'Description' = %q This module exploits CVE-2016-0792 a vulnerability in Jenkins...

9CVSS6.9AI score0.82697EPSS
Exploits23
Metasploit
Metasploitadded 2017/11/07 2:46 p.m.40 views

Jenkins XStream Groovy classpath Deserialization Vulnerability

This module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath, which allows remote arbitrary code execution. The issue affects default...

8.8CVSS0.5AI score0.82697EPSS
Exploits23
Saint
Saintadded 2017/08/15 12:0 a.m.78 views

Jenkins groovy.util.Expando Java deserialization vulnerability

Added: 08/15/2017 CVE: CVE-2016-0792 BID: 83720 Background Jenkins is a standalone, open-source automation server written in Java. Problem A deserialization vulnerability in the groovy.util.Expando class allows a remote attacker to execute arbitrary commands by requesting createItem with speciall...

9CVSS7.6AI score0.82697EPSS
Exploits23
OpenVAS
OpenVASadded 2017/08/10 12:0 a.m.280 views

Jenkins Deserialization Vulnerability (CVE-2016-0792) - Active Check

Jenkins is prone to a Java deserialization vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins";...

9CVSS6.7AI score0.82697EPSS
Exploits23References3
Packet Storm
Packet Stormadded 2017/07/30 12:0 a.m.71 views

Jenkins Java Deserialization

import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage Jenkins" Date: 30-07-2017 Exploit Author: Janusz...

9CVSS0.2AI score0.82697EPSS
Exploits23
exploitpack
exploitpackadded 2017/07/30 12:0 a.m.43 views

Jenkins 1.650 - Java Deserialization

Jenkins 1.650 - Java Deserialization import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage Jenkins" Date:...

9CVSS0.3AI score0.82697EPSS
Exploits23
Exploit DB
Exploit DBadded 2017/07/30 12:0 a.m.131 views

Jenkins &lt; 1.650 - Java Deserialization

import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage Jenkins" Date: 30-07-2017 Exploit Author: Janusz Piechów...

9CVSS6.9AI score0.82697EPSS
Exploits23
Circl
Circladded 2017/07/30 12:0 a.m.17 views

CVE-2016-0792

creationtimestamp| type| source ---|---|--- 2017-07-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42394 2017-12-19 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43375 2018-05-29 15:50:33+00:00| seen|...

9CVSS6.6AI score0.82697EPSS
Exploits23References6
Check Point Advisories
Check Point Advisoriesadded 2016/05/26 12:0 a.m.9 views

Jenkins CI Server XStream Insecure Deserialization (CVE-2016-0792)

An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to the inclusion of the Groovy library in the classpath combined with the insecure deserialization employing the XStream library. A remote, unauthenticated attacker can exploit this...

9CVSS3.5AI score0.82697EPSS
Exploits23
OpenVAS
OpenVASadded 2016/05/20 12:0 a.m.38 views

Jenkins Multiple Vulnerabilities (Feb 2016) - Linux

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

10CVSS7AI score0.82697EPSS
Exploits25References2
Mageia
Mageiaadded 2016/05/05 4:26 p.m.43 views

Updated jenkins-remoting packages fix CVE-2016-0792

Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...

9CVSS5.7AI score0.82697EPSS
Exploits23References3
RedHat Linux
RedHat Linuxadded 2016/05/03 3:30 p.m.61 views

Important: Red Hat Security Advisory: jenkins security update

An updated Jenkins package and image that include a security fix are now available for Red Hat OpenShift Enterprise 3.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

10CVSS6.7AI score0.82697EPSS
Exploits25References9
OSV
OSVadded 2016/04/07 11:59 p.m.13 views

CVE-2016-0792

Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando...

8.8CVSS8.8AI score
Exploits0References6
CVE
CVEadded 2016/04/07 11:0 p.m.224 views

CVE-2016-0792

CVE-2016-0792 affects Jenkins, including the core up to 1.650 and LTS up to 1.642.2, via a deserialization flaw in XML data using XStream and groovy.util.Expando. The vulnerability allows remote authenticated users to execute arbitrary code by crafting a serialized payload in an XML file. Public ...

9CVSS9.1AI score0.82697EPSS
Exploits23References6Affected Software1
Rows per page
Query Builder