100 matches found

OSV
added 2021/06/28 4:15 p.m. · 4 views

DEBIAN-CVE-2021-32719

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...

CVSS 4.8 · AI score 5.7 · EPSS 0.01416
Exploits 1 · References 1
Positive Technologies
added 2021/04/13 12:00 a.m. · 2 views

PT-2021-18556 · Apache · Apache Solr

Name of the Vulnerable Software and Affected Versions: Apache Solr versions prior to 8.8.2 Description: The issue arises when using ConfigurableInternodeAuthHadoopPlugin for authentication. In this scenario, distributed requests are forwarded or proxied using server credentials instead of the...

CVSS 9.1 · AI score 9.3 · EPSS 0.05263
Exploits 0 · References 12
Positive Technologies
added 2021/01/29 12:00 a.m. · 4 views

PT-2021-14364 · Ckeditor · Ckeditor 5 Markdown Plugin

Name of the Vulnerable Software and Affected Versions: CKEditor 5 Markdown plugin versions prior to 25.0.0 Description: The CKEditor 5 Markdown plugin has a regex denial of service ReDoS vulnerability. This vulnerability allows the abuse of link recognition regular expressions, which could cause ...

CVSS 6.5 · AI score 6.3 · EPSS 0.01792
Exploits 0 · References 10
Positive Technologies
added 2021/01/17 12:00 a.m. · 5 views

PT-2021-14791 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle version 3.10 Description: A command execution vulnerability exists in the default legacy spellchecker plugin. This issue can be exploited through a specially crafted series of HTTP requests, leading to command execution. An attacker mu...

CVSS 9.1 · AI score 6.4 · EPSS 0.24173
Exploits 7 · References 28
Positive Technologies
added 2020/11/05 12:00 a.m. · 1 view

PT-2020-6525 · Genivia · Gsoap

Name of the Vulnerable Software and Affected Versions: Genivia gSOAP version 2.8.107 Description: A denial-of-service issue exists in the WS-Security plugin functionality of Genivia gSOAP. It can be triggered by a specially crafted SOAP request, allowing an attacker to send an HTTP request and...

CVSS 9.8 · AI score 7.5 · EPSS 0.0586
Exploits 5 · References 44
Positive Technologies
added 2020/11/05 12:00 a.m. · 2 views

PT-2020-6524 · Genivia · Gsoap

Name of the Vulnerable Software and Affected Versions: Genivia gSOAP version 2.8.107 Description: A denial-of-service issue exists in the WS-Addressing plugin functionality of Genivia gSOAP. This is due to errors in handling SOAP requests, which can be triggered by a specially crafted SOAP reques...

CVSS 9.8 · AI score 8.4 · EPSS 0.0586
Exploits 6 · References 51
Positive Technologies
added 2020/07/20 12:00 a.m. · 6 views

PT-2020-13788

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions 2.5.0 through 2.13.0 Description: A specially crafted MQTT packet with an XSS payload as client-id or topic name can exploit this issue. The XSS payload is injected into the admin console's browser and is...

CVSS 6.1 · AI score 6.6 · EPSS 0.04312
Exploits 0 · References 11
Positive Technologies
added 2019/08/07 12:00 a.m. · 3 views

PT-2019-11770 · Jenkins · Jenkins Pegdown Formatter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins PegDown Formatter Plugin versions 1.3 and earlier Description: A stored cross-site scripting issue allows attackers who can edit descriptions and other fields to insert links with the javascript: scheme into the Jenkins UI. The PegDow...

CVSS 5.4 · AI score 5.1 · EPSS 0.0072
Exploits 0 · References 6
Positive Technologies
added 2019/08/07 12:00 a.m. · 3 views

PT-2019-11777 · Jenkins · Jenkins Codefresh Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Codefresh Integration Plugin versions 1.8 and earlier Description: The issue concerns the Jenkins Codefresh Integration Plugin, which unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM. This...

CVSS 7.5 · AI score 7.3 · EPSS 0.01117
Exploits 0 · References 5
ThreatPost
added 2019/03/21 9:47 p.m. · 59 views

Wordpress Plugin Patched After Zero Day Discovered

UPDATE A popular WordPress plugin is urging users to update as soon as possible after it patched a vulnerability that was being exploited in the wild. If users cannot update, developers recommended they disable the plugin. The plugin, Social Warfare, lets users add social media sharing buttons to...

AI score 0.7
Exploits 0 · References 9
Positive Technologies
added 2019/01/30 12:00 a.m. · 3 views

PT-2019-10730 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit Software's PDF Reader version 9.1.0.5096 Description: The issue is related to the handling of certain XFA element attributes, which can lead to an out-of-bounds read when a specially crafted PDF document is opened. This can result in th...

CVSS 7.1 · AI score 6.4 · EPSS 0.49566
Exploits 1 · References 2
Positive Technologies
added 2018/10/03 12:00 a.m. · 2 views

PT-2018-16360 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit Software's PDF Reader version 9.2.0.9297 Description: A use-after-free issue in the JavaScript engine of Foxit Software's PDF Reader can be exploited by opening a specially crafted PDF document, potentially leading to arbitrary code...

CVSS 8.8 · AI score 7.9 · EPSS 0.02577
Exploits 0 · References 4
Positive Technologies
added 2018/10/02 12:00 a.m. · 2 views

PT-2018-16336 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit Software's PDF Reader version 9.1.0.5096 Description: A use-after-free issue in the JavaScript engine of Foxit Software's PDF Reader can be exploited by opening a specially crafted PDF document, potentially leading to arbitrary code...

CVSS 8.8 · AI score 7.9 · EPSS 0.02577
Exploits 0 · References 4
Positive Technologies
added 2018/10/02 12:00 a.m. · 2 views

PT-2018-16345 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.1.0.5096 Description: A use-after-free issue exists in the JavaScript engine. This can occur when accessing the CreationDate property of the this.info object. An attacker can exploit this by tricking a user into...

CVSS 8 · AI score 7.2 · EPSS 0.02497
Exploits 0 · References 4
Exploit DB
added 2018/06/11 12:00 a.m. · 35 views

WordPress Plugin Pie Register < 3.0.9 - Blind SQL Injection

Title: WordPress Plugin Pie Register order = escsql $order ; IV. PROOF OF CONCEPT The following URL have been confirmed to all suffer from Time Based SQL Injection. GET /wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc original GET...

CVSS 9.8 · AI score 9.6 · EPSS 0.0533
Exploits 5
Positive Technologies
added 2018/04/07 12:00 a.m. · 1 view

PT-2018-19070

Name of the Vulnerable Software and Affected Versions: Roundcube versions 1.2.0 through 1.3.5 Description: The issue allows for an IMAP injection attack by exploiting the unsanitized "_uid" parameter in an archive.php request, specifically when the _task=mail&_mbox=INBOX&_action=plugin.move2archive...

CVSS 9.8 · AI score 6.9 · EPSS 0.84456
Exploits 13 · References 38
Positive Technologies
added 2017/08/01 12:00 a.m. · 4 views

PT-2018-8402 · Red Hat +2 · Pki-Core +3

Name of the Vulnerable Software and Affected Versions: pki-core versions prior to 10.6.4 Description: A flaw was discovered in the pki-core package where a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default. This could allow an attacker to bypass the regula...

CVSS 7.5 · AI score 6 · EPSS 0.85323
Exploits 5 · References 24
Atlassian
added 2015/10/01 8:59 a.m. · 21 views

Prevent Activity feed information leakage by allowing permanently disabling of it

It seems that the sensitive information leakage is something almost impossible to avoid when you have a pair of JIRA instances, internal and external, which are connected one to another. Having them connected is clearly a business requirement for being able to cross link issues and to copy them...

AI score 2
Exploits 0 · Affected Software 1
ThreatPost
added 2013/10/16 7:41 a.m. · 37 views

October 2013 Oracle Java Critical Patch Update

On Tuesday, for the first time, Java security updates were included with the quarterly Oracle Critical Patch Update – and just as quickly, Java wasted no time elevating itself as the top concern for Oracle admins and security experts. Of the 51 Java patches released, 50 allow for remote code...

CVSS 10 · AI score 0.1 · EPSS 0.07054
Exploits 0 · References 3
Positive Technologies
added 2008/02/06 12:00 a.m. · 2 views

PT-2008-2242 · Dmssoftware · Dmsguestbook

Name of the Vulnerable Software and Affected Versions: DMSGuestbook version 1.7.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the "file" parameter to "wp-admin/admin.php", the "messagefield" parameter in the guestbook page, or th...

CVSS 4.3 · AI score 6.5 · EPSS 0.02662
Exploits 1 · References 6