21 matches found
EUVD-2022-5577
Malicious code in bioql PyPI...
EUVD-2022-4942
Malicious code in bioql PyPI...
CVE-2019-10289
A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server...
CVE-2019-10291
Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CloudBees Jenkins Netsparker Cloud Scan Plugin Authorization Issues Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Netsparker Cloud Scan Plugin is used in one of...
CloudBees Jenkins Netsparker Cloud Scan Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Netsparker Cloud Scan Plugin is used in one of...
CloudBees Jenkins Netsparker Cloud Scan Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Netsparker Cloud Scan Plugin is used in one of...
CVE-2019-10291
Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10290
A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10290
A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10289
A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server...
CVE-2019-10289
A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server...
CVE-2019-10290
A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10290
CVE-2019-10290 affects Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older. The vulnerability is a missing permission check in NCScanBuilder.DescriptorImpl#doValidateAPI, allowing attackers with Overall/Read permission to initiate a connection to an attacker-controlled server. Impact: potential ...
PT-2019-11693 · Jenkins · Jenkins Netsparker Cloud Scan Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Netsparker Cloud Scan Plugin version 1.1.5 and older Jenkins Netsparker Enterprise Scan Plugin affected versions not specified Description: The issue concerns the storage of sensitive information in plain text within configuration fil...
PT-2019-11692 · Jenkins · Jenkins Netsparker Cloud Scan Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Netsparker Cloud Scan Plugin version 1.1.5 and older Description: A missing permission check in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allows attackers with Overall/Read permission to initiate a connectio...
PT-2019-11691 · Jenkins · Jenkins Netsparker Cloud Scan Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Netsparker Cloud Scan Plugin version 1.1.5 and older Description: A cross-site request forgery issue exists in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method, allowing attackers to initiate a connection to an...
Podcast Generator 2.7 Cross Site Scripting
Stored Cross-site Scripting Vulnerability in Podcast Generator 2.7 Information -------------------- Advisory by Netsparker Name: Stored Cross-site scripting in Podcast Generator 2.7 Affected Software: Podcast Generator Affected Versions: 2.7 Homepage: http://www.podcastgenerator.net/ Vulnerabilit...
BlogEngine 3.3 - XML External Entity Injection Vulnerability
Exploit for windows platform in category web applications XML External Entity Injection Vulnerability in BlogEngine 3.3 Information -------------------- Advisory by Netsparker Name: XML External Entity Injection Vulnerability in BlogEngine 3.3 Affected Software: BlogEngine Affected Versions: 3.3...