204 matches found
Automattic: Sql injection on docs.atavist.com
hello dear team I have found SQL injection on docs.atavist.com url:http://docs.atavist.com/readerapi/stories.php?limit=10&offset=20&organizationid=88822&search=0&sort= parameters: injectable search=0 Parameter: search GET Type: AND/OR time-based blind Title: MySQL = 5.0.12 AND time-based blind...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-51391)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...
CVE-2020-2239
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
CVE-2020-2239
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
CVE-2020-2239
The CVE-2020-2239 issue affects Jenkins Parameterized Remote Trigger Plugin up to version 3.1.3. The plugin stores a secret in plaintext in the controller’s global configuration file (org.jenkinsci.plugins.ParameterizedRemoteTrigger.RemoteBuildConfiguration.xml), exposing confidential data to any...
CVE-2020-2239
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
CVE-2020-2239
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
PT-2020-15459 · Jenkins · Jenkins Parameterized Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Parameterized Remote Trigger Plugin versions 3.1.3 and earlier Description: The issue concerns the storage of a secret in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the secret is...
SUSE SLES12 Security Update : python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (SUSE-SU-2020:0555-1)
This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the...
CVE-2019-16404
Authenticated SQL Injection in interface/forms/eyemag/js/eyebase.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter...
Sql injection
Authenticated SQL Injection in interface/forms/eyemag/js/eyebase.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter...
U.S. Dept Of Defense: SQL Injection in Login Page: https://█████/█████████/login.php
Summary: I believe I've discovered an error based SQL injection in the login page for https://████/██████/login.php. Description: When browsing to the webpage https://█████/██████/login.php and entering certain control characters into the "Username" field, and SQL error Oracle is produced. Impact...
Unspecified Vulnerability in CloudBees Parameterized Trigger Plugin
CloudBees Parameterized Trigger Plugin is a parameterized trigger plugin in the U.S. CloudBees company's Jenkins Java-based development of continuous integration tools. An unspecified vulnerability exists in the CloudBees Parameterized Trigger Plugin that stems from the program's failure to detec...
FS Crowdfunding Script - id SQL Injection
FS Crowdfunding Script - id SQL Injection Exploit Title: FS Crowdfunding Script - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/crowdfunding-script/ Version: 24 October 17 Tested on: Kali...
CVE-2017-1000084
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins...
Authentication flaw
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins...
CVE-2017-1000084
CVE-2017-1000084 concerns the Jenkins Parameterized Trigger Plugin, where the component failed to enforce Item/Build permissions during downstream triggering. The underlying issue allowed a build to trigger other projects without proper authorization, potentially enabling unauthorized project lau...
CVE-2017-1000084
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins...
jenkins: password exposure in DOM (SECURITY-138)
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM...