CVE-2026-57301
Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...
web-app-security-owasp-zap
🔐 Web Application Security Testing with OWASP ZAP Author:...
EUVD-2022-3026
Malicious code in bioql PyPI...
CVE-2019-1003060
Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
MAL-2024-2816 Malicious code in owasp-zap-extension (npm)
Human Resource Management System 1.0 SQL Injection
Exploit Title: Human Resource Management System - SQL Injection unauthenticated Date: 08-11-2022 Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...
Human Resource Management System 1.0 - SQL Injection Vulnerability
Exploit Title: Human Resource Management System - SQL Injection unauthenticated Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...
xnLinkFinder - A Python Tool Used To Discover Endpoints (And Potential Parameters) For A Given Target
About - v2.0 This is a tool used to discover endpoints and potential parameters for a given target. It can find them by: crawling a target pass a domain/URL crawling multiple targets pass a file of domains/URLs searching files in a given directory pass a directory name get them from a Burp projec...
Mass Assignment in Self Controller Leads To Vertical Privilege Escalation
Description Hello there, y'all! How are you doing? Hope you are doing great! I was testing Budibase and noticed that the API endpoint /api/global/self, which is used for different purposes such as updating a user's name or their password, always receives an entire object containing most of the attribute...
No rate limit via proxy url parameter
Description Hi Drawio Team, your proxy server has no limit on requests, which an attacker can use as a PORT SCANNER. https://app.diagrams.net/proxy?url=IP:PORT&base64=1 Proof of Concept Image from my OWASP ZAP: https://ibb.co/h87hz3N...
Rekono - Execute Full Pentesting Processes Combining Multiple Hacking Tools Automatically
Rekono combines other hacking tools and their results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email or Telegram notifications and can also be imported into Defect-Dojo if an advanced...
Become a Cybersecurity Expert with 18 New Online Courses @ 98% OFF
With more data stored in the cloud than ever before, now is a good time to get into cybersecurity. Many top corporations are looking for new talent, and even junior professionals can earn $80,000 or more. The only barrier to entry is education. How do you learn about security protocols and white...
No Protection against Bruteforce attacks on Login page
Description Wger Workout Manager does not limit unsuccessful login attempts allowing Brute Forcing. Proof of Concept Steps to Reproduce: 1. Register a new user 2. Logout 3. Send a login request with an incorrect password 4. Capture the login request 5. Replay the login request with a different...
GHSA-7JX8-244G-JFPX Jenkins OWASP ZAP Plugin stores unencrypted credentials
Jenkins Official OWASP ZAP Plugin stores Jira credentials unencrypted in its global configuration file org.jenkinsci.plugins.zap.ZAPBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
Jenkins OWASP ZAP Plugin stores unencrypted credentials
Jenkins Official OWASP ZAP Plugin stores Jira credentials unencrypted in its global configuration file org.jenkinsci.plugins.zap.ZAPBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-J7XG-5549-JR3J Improper Certificate Validation in OWASP ZAP
OWASP Zed Attack Proxy ZAP through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...
Improper Certificate Validation in OWASP ZAP
OWASP Zed Attack Proxy ZAP through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...
Design/Logic Flaw
OWASP Zed Attack Proxy ZAP through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server...
Break into Ethical Hacking with 18 Advanced Online Courses for Just $42.99
It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-On...
FiddleZAP - A Simplified Version Of EKFiddle For OWASP ZAP
FiddleZAP is a simplified version of EKFiddle for OWASP ZAP. With ZAP as your web proxy, you are able to flag malicious traffic based on predefined regular expressions. Example: Alert, highlighting and tagging when a regex matches on a string within the HTML source code of a compromised website...