
32 matches found

IBM Security Bulletins
added 2022/04/20 5:4 p.m., 24 views

Security Bulletin: Information disclosure for IBM Infosphere Global Name Management

Summary: There is a potential information disclosure vulnerability in Global Name Management when using Enterprise Name Search. The information disclosure is due to an XML external entity (XXE) vulnerability. Customers not using Enterprise Name Search are not affected. Vulnerability Details: CVEID:...

CVSS: 8.2, AI score: 7.4, EPSS: 0.00569
Exploits: 0, Affected Software: 1
Github Security Blog
added 2022/03/16 12:0 a.m., 22 views

Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...

CVSS: 6.5, AI score: 5, EPSS: 0.00766
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2022/03/15 5:15 p.m., 11 views

CVE-2022-27203

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...

CVSS: 6.5, EPSS: 0.00766
Exploits: 0, References: 2
OSV
added 2022/03/15 5:15 p.m., 3 views

CVE-2022-27203

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00766
Exploits: 0, References: 2
ATTACKERKB
added 2022/03/15 5:15 p.m., 3 views

CVE-2022-27203

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...

CVSS: 6.5, AI score: 6, EPSS: 0.00766
Exploits: 0, References: 3
CNNVD
added 2022/03/15 12:0 a.m., 2 views

Jenkins Plugin Extended Choice Parameter Path Traversal Vulnerability

Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Extended Choice Parameter Plugin...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00766
Exploits: 0, References: 6
Kitploit
added 2021/11/23 8:30 p.m., 25 views

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys
Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

AI score: 7.4
Exploits: 0, References: 3
OSV
added 2019/05/15 4:29 p.m., 12 views

CVE-2016-7043

It has been reported that KIE server and Business Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to other services...

CVSS: 9.8, AI score: 7, EPSS: 0.0023
Exploits: 0, References: 2
CVE
added 2019/05/15 3:46 p.m., 72 views

CVE-2016-7043

CVE-2016-7043 affects KIE server and Business Central prior to 7.21.0.Final, where username and password are stored as plaintext Java properties accessible to any app deployed on the same server. This represents a local access risk to services due to insecure credential storage. The vulnerability...

CVSS: 9.8, AI score: 9.5, EPSS: 0.0023
Exploits: 0, References: 2, Affected Software: 1
Citrix
added 2016/10/24 12:0 a.m., 6 views

Java Properties not Saved to the User Profile

Under certain circumstances Java properties might not save to the User Store on Logoff...

AI score: 7.1
Exploits: 0
RedHat Linux
added 2009/01/13 9:39 p.m., 4 views

Java Web Start File Inclusion via System Properties Override

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System...

CVSS: 9.3, AI score: 7.6, EPSS: 0.28552
Exploits: 1, References: 4
Apache Tomcat
added 2007/03/14 12:0 a.m., 48 views

Fixed in Apache Tomcat 5.5.22, 5.0.SVN

Important: Directory traversal (CVE-2007-0450). The fix for this issue was insufficient. A fix was also required in the JK connector module for httpd. See CVE-2007-1860 for further information. Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used behind a proxy including, but...

CVSS: 5, AI score: 6.1, EPSS: 0.90452
Exploits: 2, Affected Software: 1