The vulnerability of the Mozilla Firefox browser, related to access control deficiencies, allows attackers to gain access to confidential information.
The vulnerability of the Mozilla Firefox browser is related to access control deficiencies. Exploiting this vulnerability allows an attacker to gain access to confidential information by reading files from the "/tmp" folder...
Spring Boot Actuator Logview < 0.2.13 Directory Traversal
Spring Boot Actuator Logview is a library that adds a simple logfile viewer as a Spring Boot Actuator endpoint. In Spring Boot Actuator Logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin Spring Boot...
CVE-2022-25570
In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...
GHSA-5VJC-QX43-R747 Stored Cross-site Scripting in folder-auth plugin
Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. Folder-based Authorization Strategy Plugin 1....
Stored Cross-site Scripting in folder-auth plugin
Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. Folder-based Authorization Strategy Plugin 1....
CVE-2021-22571
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above...
Design/Logic Flaw
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above...
CVE-2021-22571 Information Leak in SA360-webquery-bigquery through read on /tmp
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above...
CVE-2022-26526
Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...
Jenkins Folder-based Authorization Strategy Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The plugin fails to escape the role name displayed on the configuration form, which can ...
GHSA-CHR6-386Q-4M3V Duplicate Advisory: Stored Cross-site Scripting vulnerability in Jenkins Folder-based Authorization Strategy Plugin
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5vjc-qx43-r747. This link is maintained to preserve external references. Original Description: Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the...
CVE-2022-27200
Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
PT-2022-18287 · Jenkins · Jenkins Folder-Based Authorization Strategy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Folder-based Authorization Strategy Plugin versions 1.3 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the names of roles shown on the configuration form are not...
Design/Logic Flaw
With administrator or admin privileges the application can be tricked into overwriting files in appdata/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010...
CVE-2022-24387 File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
With administrator or admin privileges the application can be tricked into overwriting files in appdata/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010...
PT-2022-16662 · Unknown · Smartertrack
Name of the Vulnerable Software and Affected Versions: SmarterTrack version 100.0.8019.14010 Description: The application can be tricked into overwriting files in the app data/Config folder, such as the systemsettings.xml file, with administrator or admin privileges. Recommendations: For...