5908 matches found

OSV
added 2018/08/01 1:29 p.m., 30 views

CVE-2018-1999032

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...

6.5 CVSS, 6.6 AI score
Exploits 0, References 1
OSV
added 2018/08/01 1:29 p.m., 20 views

CVE-2018-1999026

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host...

6.5 CVSS, 6.7 AI score
Exploits 0, References 2
Prion
added 2018/08/01 1:29 p.m., 18 views

Server side request forgery (ssrf)

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host...

4 CVSS, 6.4 AI score, 0.00862 EPSS
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2018/07/30 3:50 a.m., 28 views

CVE-2018-1999002

An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

7.5 CVSS, 3.5 AI score, 0.86641 EPSS
Exploits 7, References 2
seebug.org
added 2018/07/26 12:00 a.m., 712 views

Jenkins arbitrary file read vulnerability (CVE-2018-1999002)

SECURITY-914 / CVE-2018-1999002 An arbitrary file read vulnerability in the Stapler web framework used by Jenkins allowed unauthenticated users to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master process has access to. Input...

8.1 AI score, 0.86641 EPSS
Exploits 7
exploitpack
added 2018/07/26 12:00 a.m., 18 views

Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)

Kirby CMS 2.5.12 - Cross-Site Request Forgery Delete Page Exploit Title: Kirby CMS 2.5.12 - Cross-Site Request Forgery Delete Page Date: 2018-07-22 Exploit Author: Zaran Shaikh Version: 2.5.12 CVE: NA Category: Web Application 1. Description The application allows malicious HTTP requests to be...

0.4 AI score
Exploits 0
Exploit DB
added 2018/07/26 12:00 a.m., 35 views

Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)

Exploit Title: Kirby CMS 2.5.12 - Cross-Site Request Forgery Delete Page Date: 2018-07-22 Exploit Author: Zaran Shaikh Version: 2.5.12 CVE: NA Category: Web Application 1. Description The application allows malicious HTTP requests to be sent in order to trick a user into adding/ deleting web...

7.4 AI score
Exploits 0
Talos
added 2018/07/26 12:00 a.m., 44 views

Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities

Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core’s HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...

9.1 AI score
Exploits 0
Prion
added 2018/07/25 2:29 p.m., 19 views

Code injection

When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process...

7.8 CVSS, 7.5 AI score, 0.01841 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2018/07/25 2:00 p.m., 19 views

CVE-2018-5541

When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process...

7.6 AI score, 0.01841 EPSS
Exploits 0, References 2
Github Security Blog
added 2018/07/23 7:51 p.m., 43 views

Cross-site request forgery in Django

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged AJAX requests that leverage a "combination of browser plugins...

6.8 CVSS, 6.3 AI score, 0.01589 EPSS
Exploits 0, References 24, Affected Software 1
NVD
added 2018/07/23 7:29 p.m., 18 views

CVE-2018-1999002

An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

7.5 CVSS, 7.4 AI score, 0.86641 EPSS
Exploits 7, References 3
Cvelist
added 2018/07/23 7:00 p.m., 26 views

CVE-2018-1999002

An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

7.9 AI score, 0.86641 EPSS
Exploits 7, References 3
CVE
added 2018/07/23 7:00 p.m., 226 views

CVE-2018-1999002

CVE-2018-1999002 is an arbitrary file read vulnerability in Jenkins prior to 2.133 (and 2.121.1 and earlier for some builds) via the Stapler web framework. The issue arises from how Stapler handles crafted HTTP requests, allowing an unauthenticated or low-privilege attacker to read files on the J...

7.5 CVSS, 7.7 AI score, 0.86641 EPSS
Exploits 7, References 3, Affected Software 1
GitLab Advisory Database
added 2018/07/23 12:00 a.m., 39 views

Cross-site request forgery in Django

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged AJAX requests that leverage a "combination of browser plugins...

6.8 CVSS, 6.3 AI score, 0.01589 EPSS
Exploits 0, References 7, Affected Software 1
Prion
added 2018/07/20 4:29 p.m., 18 views

Code injection

IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180...

4 CVSS, 4.1 AI score, 0.01745 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2018/07/20 4:00 p.m., 18 views

CVE-2017-1633

IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180...

4.3 CVSS, 4.2 AI score, 0.01745 EPSS
Exploits 0, References 3
ArchLinux
added 2018/07/20 12:00 a.m., 40 views

[ASA-201807-12] apache: denial of service

Arch Linux Security Advisory ASA-201807-12 ========================================== Severity: Medium Date : 2018-07-20 CVE-ID : CVE-2018-1333 CVE-2018-8011 Package : apache Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-736 Summary ======= The package apache...

7.5 CVSS, 1.7 AI score, 0.51714 EPSS
Exploits 0, References 5
OSV
added 2018/07/18 2:29 p.m., 34 views

CVE-2018-8011

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.33...

7.5 CVSS, 6.4 AI score, 0.51714 EPSS
Exploits 0, References 15
AlpineLinux
added 2018/07/18 2:00 p.m., 53 views

CVE-2018-8011

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.33...

7.5 CVSS, 7.4 AI score, 0.51714 EPSS
Exploits 0