22 matches found
samba: Samba: Remote Code Execution in printing subsystem via unescaped job description
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...
CVE-2026-4480
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...
CVE-2026-4480
CVE-2026-4480 : A flaw in the Samba printing subsystem causes the client-controlled job description string passed to the print command via %J to be executed without escaping shell meta characters, enabling remote code execution. Root cause: unescaped shell metacharacters in print job descriptions...
EUVD-2026-31828
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...
PT-2024-39846 · Unknown · Sourcecodester Profile Registration Without Reload Refresh
Name of the Vulnerable Software and Affected Versions: SourceCodester Profile Registration without Reload Refresh version 1.0. Description: A vulnerability has been found in the system, marked as problematic. The issue affects an unknown functionality of the file add.php. The manipulation of the...
Advisory ROSA-SA-2023-2272
software: quartz 2.2.1; OS: ROSA-CHROME; packageevrstring: quartz-2.2.1-11.src.rpm; CVE-ID: CVE-2019-13990; BDU-ID: None; CVE-Crit: CRITICAL; CVE-DESC.: initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler before version 2.3.0 allows XXE attacks via job description...
Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising
Malicious actors associated with the Vietnamese cybercrime ecosystem are leveraging advertising-as-a-vector on social media platforms such as Meta-owned Facebook to distribute malware. "Threat actors have long used fraudulent ads as a vector to target victims with scams, malvertising, and more,"...
Hacking AI Resume Screening with Text in a White Font
The Washington Post is reporting on a hack to fool automatic resume sorting programs: putting text in a white font. The idea is that the programs rely primarily on simple pattern matching, and the trick is to copy a list of relevant keywords--or the published job description--into the resume in a...
SUSE CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...
GHSA-X68X-WVM2-HQC8 Stored XSS vulnerability in Jenkins Compact Columns Plugin
Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips. This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. Compact Columns Plugin 1.12 applies the configured markup formatter to the job...
Stored XSS vulnerability in Jenkins Compact Columns Plugin
Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips. This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. Compact Columns Plugin 1.12 applies the configured markup formatter to the job...
MGASA-2021-0133 Updated quartz packages fix a security vulnerability
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description CVE-2019-13990...
libquartz: XXE attacks via job description
The Terracotta Quartz Scheduler is susceptible to an XML external entity (XXE) attack through a job description. This issue stems from inadequate handling of XML external entity (XXE) declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...
libquartz: XXE attacks via job description
The Terracotta Quartz Scheduler is susceptible to an XML external entity (XXE) attack through a job description. This issue stems from inadequate handling of XML external entity (XXE) declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...
Cross site scripting
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission...
PT-2020-15409 · Jenkins · Jenkins Compact Columns Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compact Columns Plugin versions 1.11 and earlier. Description: The issue results in a stored cross-site scripting vulnerability. This can be exploited by users with Job/Configure permission, as the unprocessed job description is...
Terracotta Quartz Scheduler Code Issue Vulnerability
Terracotta Quartz Scheduler is an open source job scheduling framework. A code issue vulnerability exists in Terracotta Quartz Scheduler. The vulnerability stems from an improperly designed or implemented code development process for a networked system or product. An attacker can exploit this...
DEBIAN-CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...
CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...
bayardinteractive.com XSS vulnerability
Open Bug Bounty ID: OBB-578352; Affected Website: bayardinteractive.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...