PT-2019-11758 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier Description: The issue allows attackers with permission to change Jenkins system configuration to obtain the values of environment variables due to variable interpolation during...
CVE-2015-5601
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...
Code injection
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...
CVE-2015-5601
CVE-2015-5601 affects edx-platform prior to 2015-07-20. A vulnerable endpoint (course import) mishandles .tar.gz files, allowing code execution by privileged users. Documents provide CVSS details (2.0/6.5; 3.0/8.8) indicating impact on confidentiality, integrity, and availability (all high/partia...
CVE-2019-10264
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...
CVE-2019-2833
Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 18.2.1. Easily exploitable vulnerability allows low privileged attacker having Import/Export privilege with network access via HTTP to compromise Oracle...
CVE-2019-13915
b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. ...
PT-2019-13474 · B3Log · B3Log Wide
Name of the Vulnerable Software and Affected Versions: b3log Wide versions prior to 1.6.0 Description: The issue allows an attacker to access arbitrary files through three types of attacks. First, an attacker can write and execute code in the editor to read arbitrary files. Second, an attacker ca...
ImageCache Actions - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-056
The imagecache actions module defines a number of additional image effects that can be used to create image styles. The "Image styles admin" sub module provides additional functionality to duplicate, export and import image styles. The module uses unserialize to import image styles into another...
TYPO3 9.3.x <= 9.5.7 Broken Access Control Vulnerability
TYPO3 CMS is susceptible to a broken access control vulnerability. CPE = "cpe:/a:typo3:typo3"; ...
CVE-2019-9150
Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported...
Design/Logic Flaw
Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported...
CVE-2019-9150
CVE-2019-9150 affects the Mailvelope extension prior to 3.3.0. The vulnerability arises because the extension does not require user interaction to import public keys shown on the web page, enabling trickery to hide a key import or obfuscate which key was imported. Impact is limited to the affecte...
CVE-2019-9148
Mailvelope is affected up to version 3.2.x; the vulnerability arises from importing invalid PGP keys during key import. Specifically, Mailvelope accepts or operates with keys that contain users without a valid self-certification and does not reject clearly invalid keys during import, enabling an ...
CVE-2019-9148
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key...
Juniper Configuration Importer
This module imports a Juniper ScreenOS or JunOS device configuration...
A vulnerability in the configuration import utility of the Cisco Integrated Management Controller allows an attacker to gain write access and load arbitrary data into the file system.
The vulnerability in the configuration import utility of the Cisco Integrated Management Controller remote management software lies in missing authentication for a critical function. Exploiting it allows a malicious actor to gain write access and load any data into the file...