CVE-2018-10550

In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to...

CVE-2018-10554

An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in 1 the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; 2 includes/components/xicore/downtime.php, related to the updatepages function; 3 the ajaxhelper.ph...

Moloch - An Open Source, Large Scale, Full Packet Capturing, Indexing, And Database System

Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP...

Octopus Deploy has an unspecified vulnerability

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy. An attacker could exploit this vulnerability to view deployment targets and create associated variables...

Design/Logic Flaw

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...

CVE-2018-9039

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...

CVE-2018-9039

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...

CVE-2018-9039

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...

CVE-2018-9039

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...

CVE-2018-9039

CVE-2018-9039 affects Octopus Deploy 2.0 and later up to (but not including) 2018.3.7, where an authenticated user with variable-edit permissions can scope some variables to targets beyond their allowed permissions and see machines outside their team’s scoped environments. Root cause: insufficien...

Octopus Deploy elevation of privilege vulnerability (CNVD-2018-04332)

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy versions prior to 4.1.9. An attacker can exploit this vulnerability to gain Administer System privileges...

CVE-2018-5706

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission...

Code injection

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission...

CVE-2018-5706

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission...

CVE-2018-5706

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission...

CVE-2018-5706

CVE-2018-5706 affects Octopus Deploy before 4.1.9. A user with editing permissions can modify teams using RoleEdit/TeamEdit to grant themselves Administer System privileges, even if not originally authorized. The CNVD/CNVD-2018-04332 entry confirms this elevation-of-privilege path and cites versi...

IBM UrbanCode Deploy Access Bypass Vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

CVE-2017-1493

IBM UrbanCode Deploy UCD 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691...

CVE-2017-1493

IBM UrbanCode Deploy UCD 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691...

CVE-2017-1493

IBM UrbanCode Deploy UCD 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691...