Code injection

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...

CVE-2018-11320

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...

CVE-2018-11320

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...

CVE-2018-11320

CVE-2018-11320 affects Octopus Deploy installations running 2018.4.4–2018.5.1, where Octopus variables sourced from the target are not obfuscated in deployment logs. The connected Red Hat, CNVD, and NVD records corroborate the same vulnerable window and behavior. The core issue is exposure of sen...

Octopus Deploy Security Restriction Bypass Vulnerability

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy versions prior to 2018.4.7, which stems from the program's failure to check variable scopes for target and tenant labels against a list of tenan...

Microsoft Exchange Server CVE-2018-8152 Remote Privilege Escalation Vulnerability

Description Microsoft Exchange Server is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Exchange Server 2016 Cumulative Update 8 Microsoft Exchange Server 2016 Cumulative Update 9 Recommendations...

Octopus Deploy has an unspecified vulnerability (CNVD-2018-10168)

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy version 3.4.x prior to 2018.4.7. An attacker can exploit the vulnerability to view/update/save variable values in the Tenant Variables area...

CVE-2018-10581

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...

Design/Logic Flaw

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...

CVE-2018-10581

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...

CVE-2018-10581

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...

CVE-2018-10581

CVE-2018-10581 affects Octopus Deploy 3.4.x prior to 2018.4.7. An authenticated user can view/update/save variable values in the Tenant Variables area for Environments that are not present within their Team scoping, in scenarios where the user belongs to multiple teams and at least one team has V...

Design/Logic Flaw

In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to...

CVE-2018-10550

In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to...

CVE-2018-10550

In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to...

CVE-2018-10550

In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to...

CVE-2018-10550

CVE-2018-10550 affects Octopus Deploy prior to version 2018.4.7. The root cause is that target and tenant tag variable scopes were not checked against the list of tenants the user has access to, enabling a potential security restrictions bypass. The vulnerability is described in public CVE record...

CVE-2018-10554

An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in 1 the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; 2 includes/components/xicore/downtime.php, related to the updatepages function; 3 the ajaxhelper.ph...

Moloch - An Open Source, Large Scale, Full Packet Capturing, Indexing, And Database System

Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP...

Octopus Deploy has an unspecified vulnerability

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy. An attacker could exploit this vulnerability to view deployment targets and create associated variables...